Buyers (And Sellers) Beware!: SEC Observations On Cybersecurity And Resiliency

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
The Securities and Exchange Commission recently published a set of observations designed to assist financial market participants.
United States Technology

The Securities and Exchange Commission recently published a set of observations designed to assist financial market participants. While not legally binding, the observations are guideposts for investment companies, securities issuers, and others. They outline steps to improve cyber preparedness and to protect against well-known and evolving cybersecurity threats faced by companies in the United States and worldwide.

The observations come from the SEC's Office of Compliance Inspections and Examinations. The OCIE operates the SEC's National Exam Program, which is a risk-based inspection program intended to protect investors and ensure market integrity. OCIE collects and analyzes information on various measures that have been taken by market participants. Information gathered includes information about governance and risk management, access rights, and data loss prevention. OCIE also looks at mobile security, incident response resiliency and vendor management. Finally, OCIE looks at training and awareness as well.

The recently-issued observations provide specific examples of policies and practices that U.S. market participants have undertaken to protect sensitive data. Effective cybersecurity programs, the SEC noted, include those that look comprehensively at their risks. They also implement vulnerability scanning and monitor network traffic and detect security threats. The SEC also found effective programs are ones that had mobile device management and risk-assessed incident response plans for data breaches. The OCIE did recognize, though, that there is no "one-size fits all" approach for cybersecurity.

Putting it Into Practice: These observations give companies ideas about steps the SEC expects they will have taken to evaluate current cyber-risk infrastructure and make potentially-needed upgrades. While aimed at the financial markets, these recommendations may be helpful benchmarks for others as well.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More