ARTICLE
9 March 2020

Buyers (And Sellers) Beware!: SEC Observations On Cybersecurity And Resiliency

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Sheppard, Mullin, Richter & Hampton LLP logo
Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
Explore Firm Details
The Securities and Exchange Commission recently published a set of observations designed to assist financial market participants.
United States Technology
David M. Poell
Your Author LinkedIn Connections
David M. Poell’s articles from Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • with readers working within the Retail & Leisure industries
Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • within Insolvency/Bankruptcy/Re-Structuring topic(s)

The Securities and Exchange Commission recently published a set of observations designed to assist financial market participants. While not legally binding, the observations are guideposts for investment companies, securities issuers, and others. They outline steps to improve cyber preparedness and to protect against well-known and evolving cybersecurity threats faced by companies in the United States and worldwide.

The observations come from the SEC's Office of Compliance Inspections and Examinations. The OCIE operates the SEC's National Exam Program, which is a risk-based inspection program intended to protect investors and ensure market integrity. OCIE collects and analyzes information on various measures that have been taken by market participants. Information gathered includes information about governance and risk management, access rights, and data loss prevention. OCIE also looks at mobile security, incident response resiliency and vendor management. Finally, OCIE looks at training and awareness as well.

The recently-issued observations provide specific examples of policies and practices that U.S. market participants have undertaken to protect sensitive data. Effective cybersecurity programs, the SEC noted, include those that look comprehensively at their risks. They also implement vulnerability scanning and monitor network traffic and detect security threats. The SEC also found effective programs are ones that had mobile device management and risk-assessed incident response plans for data breaches. The OCIE did recognize, though, that there is no "one-size fits all" approach for cybersecurity.

Putting it Into Practice: These observations give companies ideas about steps the SEC expects they will have taken to evaluate current cyber-risk infrastructure and make potentially-needed upgrades. While aimed at the financial markets, these recommendations may be helpful benchmarks for others as well.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of David M. Poell
David M. Poell
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More