The alternative investment industry is awaiting a finalized ruling from the Securities and Exchange Commission (SEC) on new proposed cybersecurity rules that were originally introduced February 9, 2022 and will significantly impact firms cyber risk strategy.
On March 15, 2023, the SEC released an update on the proposed cybersecurity risk management rules and amendments (“proposed Rule 206(4)-9” and “proposed rule 38a-2”) for registered advisors and funds.
The SEC update accounts for material additions including proposed regulation for outsourcing of “covered functions,” extended scopes of applicability and proposed cybersecurity rules for broker-dealers and clearing agencies, amongst others. The material changes have led the SEC to reopen the comment period for an additional 60 days. The final decision will be pushed out several months, but Drawbridge has thoroughly analyzed the reporting requirements for likely final outcomes and will work with our clients to ensure readiness as soon as the regulation is finalized.
Firms should take steps today to exceed compliance standards ahead of the finalized SEC decision, including:
- Continuous vulnerability management to analyze network and endpoint vulnerabilities in real time
- Cybersecurity training across the organization to empower employees to protect critical data by mitigating social engineering attacks
- Cyber risk assessments to better understand cybersecurity risk and operational controls
- Strengthening written policies and procedures on cybersecurity
We have done a thorough sweep and analysis of expected SEC outcomes and will continue to work with our 900+ clients to inform their cyber risk strategy and ensure confidence in cyber posture ahead of the effective regulation date. Watch our latest webinar to learn more about Drawbridge’s thoughts on the proposed cybersecurity risk management rules and what we believe is to come from the finalized ruling.
If your firm still has questions on how best to secure its cyber defenses ahead of the upcoming SEC guidelines on cybersecurity risk management, reach out to the Drawbridge team for our recommendations on how to prepare.