SEC Cyber Risk Exam Guidelines- Would your Firm “Pass the Test”?

The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently released a cyber security exam checklist to help firms assess the strength of their cyber security controls. This checklist, along with the SEC’s plan to examine cyber security preparedness at more than 50 broker-dealers and investment advisors, is yet another example illustrating a push towards tighter monitoring and possibly more regulation of cyber security from financial industry regulators.

Cyber security is a constantly evolving endeavor, with technology and the ability to access online data, legally or otherwise, advancing rapidly. As a result, firms should consider reviewing their cyber security strategy regardless of whether they believe to be one of the 50 or more firms examined by the SEC.

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released the cyber security exam checklist, which has multiple areas of focus, including:

Firms may use this checklist as a guide to help assess cyber security preparedness. Knowing what regulators consider important to cyber security controls will help them better assess how their cyber security compares to regulator expectations. Additionally, considering cyber exposures and proactively implementing methods to review them is an important best practice for risk reduction.

All information provided in this blog is for informational purposes only. The sources used are presumed accurate. CalSurance Associates, Brown & Brown Program Insurance Services, Inc. and Brown & Brown, Inc. will not be liable for any errors, omissions, losses, injuries or damages arising from its display or use and will not assume responsibility for any misguided information. No guarantees are implied.