Cyber Risks For The Boardroom


The Recent Increase In Focus on Privacy Issues

Privacy issues have been the focus of many state efforts over the past few years. However, the SEC has increased its focus tremendously over the past few months (see our blog posts here, here, and here). As early as October 2011, the SEC had demonstrated an interest in cybersecurity events by releasing guidance concerning public company cybersecurity disclosures. Otherwise, the SEC had remained relatively quiet. Recently, however, SEC involvement in this area has ratcheted up noticeably. On January 9, 2014, the SEC announced that it “will continue to examine governance and supervision of information technology systems, operational capability, market access, information security and preparedness to respond to sudden malfunctions and system outages.” Further, at a March 26, 2014, SEC-sponsored Cybersecurity Roundtable, SEC Chair Mary Jo White stressed “the compelling need for stronger partnerships between the government and private sector” to address security threats. Commissioner Luis Aguilar also emphasized the need for the SEC to gather additional information and “consider what additional steps the Commission should take to address cyber-threats.” Further demonstrating its commitment to the fact-gathering mission, and its increasing focus on cybersecurity, the SEC released an April 15, 2014, Cybersecurity Risk Alert containing a list of detailed questions to be posed to more than 50 different broker-dealers. The stated purpose of the questionnaire is to “assess cybersecurity preparedness in the securities industry.”

Directors often ask “what questions should I be asking and what areas should I be looking into?” A great starting point is looking at the areas the SEC has decided to focus on. What is your organization’s cybersecurity governance? How does your company identify and assess risks? Is it considered the best in class in your industry? How does your company protect its networks and information? What systems and protocols does the company maintain to detect unauthorized activity? Directors would do well to carefully consider these questions, as the SEC’s recent actions and focus indicate its commitment to increasing cybersecurity in the securities industry, and with that intent, an increase in enforcement actions is to be expected.

Originally published in VC Experts on August 11, 2014.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin | Attorney Advertising
