In a speech on October 29, 2021, Elad L. Roisman, a Commissioner of the US Securities and Exchange Commission (SEC), spoke about cybersecurity in the context of protecting investors, maintaining fair, orderly, and efficient markets, and facilitating capital formation. Indeed, market integrity and a stable, growing economy rely on secure data and security.
He emphasized the challenging position faced by SEC registrants in dealing with cyber threats and stressed that while the SEC is only one part of the cyber regulatory landscape, the industry has specific areas on which to focus.
Roisman outlined some of the regulatory requirements and guidance addressing cybersecurity challenges, including:
Safeguarding customer records and information in network storage
Privacy notices and safeguard policies
Public company cybersecurity disclosures
“Safeguards Rule” - requiring registered broker-dealers and investment advisers to implement adequate written policies and procedures designed to protect customer data.
Roisman concluded that “cybersecurity will only become more important in our personal and professional lives” and offered a few areas of focus for registrants to start on in the short term, namely identifying the providers and experts that a registrant should call in the event of a cyber incident and conducting tabletop exercises to proactively prepare for an incident.