In 2022, the SEC made cybersecurity an examination priority and proposed new comprehensive cybersecurity rules for alternative investment advisors and funds. With this increased attention, cybersecurity is no longer only a matter of protecting a firm’s reputation; it’s a critical component of compliance that can significantly impact your business operations.
As we await new SEC cybersecurity guidance expected over the next few months, every firm must understand how this will impact them in 2023 – and beyond. Do you know what steps you should take today to stay ahead of the curve?
On February 21, Drawbridge CISO Simon Eyre and Head of Relationship Management Rebecca Thomas took a deep dive into SEC cybersecurity action expected in 2023 – and detailed the critical steps your firm should take today.
If you missed the live event, you can still catch the on-demand version here:
Some key topics we discussed include:
- (03:02) SEC proposed rule expectations
The SEC reaffirmed the April 2023 Final Rule date in its recently published rule list – demonstrating its commitment to action on this critical topic.
Cybersecurity practices, including risk assessments, vulnerability management and incident response, continue to be an SEC focus. If your firm does not have these controls in place, it is best to act now.
The final SEC decision expected in April will also include guidance on what additional controls must look like in practice, including board oversight, recordkeeping and annual reviews.
- (09:19) Feedback from Drawbridge Clients
Regulators and investors alike have increased their focus on cybersecurity across the alternative investment industry. Questions around overall cyber programs and defenses – including what written policies exist and how often assessments and tabletop exercises are conducted – have become much more common.
Firms must be ready to detail their cybersecurity preparedness – especially as breaches in the software supply chain continue to increase.
- (15:55) 2023 Department of Examinations Exam Priorities
The 2023 examination priorities released in February included a continued focus on cybersecurity, specifically safeguarding client records and information, robust vendor management, and cybersecurity policies and procedures. This is another example that the SEC understands the severe threat of a data breach, ransomware attack or other threat vector and will continue to make cybersecurity a top priority.
Contact us to learn more about how Drawbridge can help your firm prepare now for the upcoming regulations.