SEC Cybersecurity Risk Management Fact Sheet

The SEC implemented a final rule on July 26, 2023.

With this SEC ruling, the SEC has adopted requirements around “disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy, and governance in annual reports.”

These rules require advisors to disclose via an updated 8-K form whether they determined any cybersecurity incident to be material. They must also describe the material aspects of the incident’s “nature, scope, and timing, as well as its material impact or reasonably likely impact on the registrant.”

Are you up-to-date with the SEC cyber rules?

Financial institutions must report on assessing, monitoring, mitigating, and remediating cyber risks.

The rules:

  • Require advisers and registered funds to disclose detailed information about their “cybersecurity risks” and “cybersecurity incidents” to current and prospective clients and shareholders.
  • Require reporting of any “significant adviser cybersecurity incidents” (which may occur with respect to private funds or clients) and “significant fund cybersecurity incidents” (for registered funds) to the SEC within 48 hours of reasonably concluding an incident occurred, and
  • Require advisers and registered funds to adopt and implement cybersecurity policies and procedures reasonably designed to address cybersecurity risks.

Partner with Xiologix and Fintegr8 Systems for practical cybersecurity solutions.

We understand that preparing for the uncertainty of potential changes can be challenging. Let Xiologix and Fintegr8 Systems be your guides to help bring your Data Security Strategy into SEC Compliance.

Xiologix and Fintegr8 Systems can assist you in meeting compliance challenges by:

1. Performing a cyber risk assessment.

As the rules state, “The first step in designing effective cybersecurity policies and procedures is assessing and understanding the cybersecurity risks facing an adviser or a fund.”

2. Assisting in Developing and Updating Information Security Policies.

Policies are another foundational element of any cybersecurity program. Annual updates to cybersecurity policies are a central tenet of the new rule.

3. Vulnerability Management.

The new rules require firms to inventory service providers with access to sensitive data or systems, assess these vendors’ cybersecurity and resilience practices, and include security clauses in contracts.

4. Strengthening User Cybersecurity and Access Controls.

Strong user access controls are not only a key component of the SEC rules but are the most important measure in minimizing the likelihood of a breach. A cyber risk assessment will identify and prioritize improvements to your controls.

5. Sensitive Data Discovery.

Understand what sensitive data was found, where it was found, and the associated risk for your business. Mitigate risk by taking immediate steps to secure this data.

Our services help enhance your cybersecurity posture and empower you to stay ahead of the ever-changing threat landscape.

To highlight our commitment, Xiologix and Fintegr8 Systems extend an exclusive invitation for your participation in a complimentary dark web crawl of your domain name to search for leaked or stolen company data and underground discussions mentioning your organization, its domains, or IP addresses. Take the first step towards fortifying your cybersecurity stance by scheduling your complimentary dark web scan.

We would be happy to answer any questions you have.