Cyber Risks For The Boardroom


The Recent Increase In Focus on Privacy Issues -

Privacy issues have been the focus of many state efforts over the past few years. However, the SEC has increased their focus tremendously over the past few months (see our blog posts here, here, and here). As early as October 2011, the SEC had demonstrated an interest in cybersecurity events by releasing guidance concerning public company cybersecurity disclosures. Otherwise, the SEC had remained relatively quiet. Recently, however, SEC involvement in this area has ratcheted up noticeably. On January 9, 2014, the SEC announced that it “will continue to examine governance and supervision of information technology systems, operational capability, market access, information security and preparedness to respond to sudden malfunctions and system outages.” Further, at a March 26, 2014, SEC-sponsored Cybersecurity Roundtable, SEC Chair Mary Jo White stressed “the compelling need for stronger partnerships between the government and private sector” to address security threats. Commissioner Luis Aguilar also emphasized the need for the SEC to gather additional information and “consider what additional steps the Commission should take to address cyber-threats.” Further demonstrating its commitment to the fact-gathering mission, and its increasing focus on cybersecurity, the SEC released an April 15, 2014, Cybersecurity Risk Alert containing a list of detailed questions to be posed to more than 50 different broker-dealers. The stated purpose of the questionnaire is to “assess cybersecurity preparedness in the securities industry.”

Directors often ask “what questions should I be asking and what areas should I be looking into?” A great starting point is looking at the areas the SEC has decided to focus on. What is your organization’s cybersecurity governance? How does your company identify and assess risks? Is it considered the best in class in your industry? How does your company protect its networks and information? What systems and protocols does the company maintain to detect unauthorized activity? Directors would do well to carefully consider these questions, as the SEC’s recent actions and focus indicate its commitment to increasing cybersecurity in the securities industry, and with that intent, an increase in enforcement actions is to be expected.

Originally published in VC Experts on August 11, 2014.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.