The SEC's Focus on Cybersecurity
Key considerations for investment advisers
The growing number and complexity of cybersecurity risks facing investment advisers (IAs) has triggered an increased interest in cyber risk management by the United States Securities and Exchange Commission (SEC). Cyber risks and the SEC's related focus are particularly relevant for mutual funds, hedge funds, and private equity managers.
In this point of view, we outline key considerations arising from the cybersecurity Risk Alert issued by the SEC's Office of Compliance Inspections and Examinations (OCIE) and describe how IAs can prepare for an OCIE cybersecurity examination and leading practices for IAs to utilize when addressing cybersecurity threats.
Deloitte expects the SEC and its staff to continue to focus on cybersecurity, particularly as the results of a planned sweep of fifty cybersecurity exams unfold. It is critical that IAs not only meet SEC expectations in the cybersecurity arena, but also invest in a program to become secure, vigilant, and resilient in the face of cybersecurity risks.
As used in this document, "Deloitte" means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.