The SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert in April with additional information about its Cybersecurity Initiative.
The Risk Alert is particularly relevant after news this week that the SEC has opened investigations of Target and other companies examining whether they properly handled and disclosed a growing number of cyberattacks.
The investigations are focused on whether the companies adequately guarded data and informed investors about the impact of breaches.
The SEC’s April Risk Alert and overall initiative is intended to help businesses in the securities industry assess cybersecurity preparedness, including broker-dealers and investment advisers.
Lawyers at Pepper Hamilton LLP have written a Client Alert about the SEC’s initiative.
Beginning with its Cybersecurity Disclosure Guidance issued in October of 2011 and its continuing speeches and roudtables on the topic, the SEC has been using feedback from companies about their recent experiences with cyberthreats to help firms meet cyber-security threats.
A Kroll survey this year showed that 75% of compliance officers still are not involved in managing cyber security risk.
The Pepper Hamilton Client Alert, which links to SEC resources and the firm’s other publications on cybersecurity risk-management, can be found here.
Julie DiMauro is the executive editor of FCPA Blog and can be reached here.