In the wake of recent major cyber security breaches at retailers and banks, the SEC held a cyber security roundtable meeting in March to discuss the current data breach climate and how financial advisors and firms can protect themselves from cyber attacks. Speakers at the event emphasized that financial institutions of all sizes face daily threats, with top risks identified as operational risks, employee theft and hackers. Steps for addressing inadequate cyber security and reducing potential vulnerabilities were discussed. The long and short of it? Due to increased cyber risk threats to the financial sector, the SEC is making data security a priority in 2014.
SEC Disclosure Guidance: A History
The SEC initially provided Disclosure Guidance related to cyber security in October 2011. The viewpoint was that federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision. It was conceded that no existing disclosure requirement explicitly referred to cyber security risks and cyber incidents, but a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents.
The SEC further recognized that registrants had migrated toward increasing dependence on digital technologies to conduct their operations, which led to more frequent and severe cyber incidents. These incidents open up registrants to a variety of liabilities, including liability for remediation costs resulting from stolen assets or information; repairing system damage; increased cyber security protection costs; lost revenue resulting from unauthorized use of proprietary information or the failure to retain or attract customers following an attack; litigation; and reputational damage adversely affecting customer or investor confidence. The 2011 Disclosure Guidance also provided a framework for how and when a registrant should disclose the risks of a cyber attack and its consequences.
Fast forward to 2014: current updates from the SEC's Office of Compliance Inspections and Examinations (OCIE) indicate that OCIE is exploring ways to test the preparedness of investment advisors and investment companies related to cyber security issues. In preparation for such tests, financial firms and advisors should consider a number of measures to reduce cyber security risks.
Financial Advisor Forecast: Stormy With Scattered Data Breaches
June 23, 2014
Comments
Good to see financial services firms Insuring Against Cyberthreats. Given the sensitivity of the data financial services firms must protect, security is an even greater concern. I work for McGladrey; join us for a webcast outlining the latest on cybersecurity in financial services and what you need to know to be ready for the Office of Compliance, Inspections and Examinations (OCIE’s) new cybersecurity initiative @ http://bit.ly/1iSiZnk