Cybersecurity remains a hot topic for regulators, including the Securities and Exchange Commission (SEC). On March 26, 2014, the SEC hosted a roundtable to discuss cybersecurity and the issues and challenges it raises for market participants. The roundtable addressed cybersecurity concerns for investment advisers, broker-dealers and public companies, and provided a forum to share information as to how they are addressing those challenges. This roundtable follows hard on the heels of the Financial Industry Regulatory Authority (FINRA) sending targeted sweep letters in January-February 2014 to broker-dealers querying their approaches to managing cybersecurity risks.
If you operate in this space, you should be asking yourself whether you have any assets (for example, intellectual property like algorithms or models), trade secrets or consumer data that could be subject to cyber-attack. If your defenses fail, do you have a business continuity plan in place for a cyber-attack? Do you have management controls in place and protocols for dealing with the fall-out from a cyber-attack?
There are already good standards/practices out in the marketplace that you can look to for guidance, including those recently promulgated by the National Institute of Standards and Technology (NIST). Given the SEC and FINRA’s recent activity in this area, we also expect that further regulation will be forthcoming.