Ernest E. Badway was featured in the CIO article, "Firms Expect Greater Government Cybersecurity Oversight." Full text can be found in the March 1, 2016, issue, but a synopsis is below.
The U.S. Senate recently proposed a cybersecurity disclosure bill that would require public companies to describe what cybersecurity expertise their boards have, or, if they don't have any, what steps the companies are taking to get some expertise onto their boards.
While the SEC hasn't issued clear guidance on what constitutes reasonable security practices for boards, it has in recent years turned its focus on Wall Street institutions and issued guidance requiring publicly traded companies to report cybersecurity risks alongside other kinds of material risks.
The SEC already conducted a cybersecurity sweep and determined that a high percentage of broker/dealers and registered investment advisers fell victim to cyberattacks either directly or through vendors. Recently it announced it will be doing a second round of examinations of financial services firms focused on cybersecurity topics such as vendor management, governance and risk assessment, access controls, data loss prevention, training and incident response, as well as emerging technologies, new external threat vectors, enhanced assessments of third-party vendors, social media usage and insider threat management.
The SEC is adding teeth to its enforcement, noted Ernest Badway, co-chair of the securities industry practice at Fox Rothschild LLP.
"There have been several enforcement actions against a variety of broker/dealers, investment advisers and funds," he said.
Click here to view the full article.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
