This past summer’s string of cyber enforcement actions signals that cybersecurity has become a top priority for the US Securities and Exchange Commission (“SEC”). This focus is consistent with the SEC’s Division of Examinations annual examination priorities, which have consistently included information security for the past several years. In particular, the 2021 examination priorities provided that the division would “review whether registrants have taken appropriate measures to: safeguard customer accounts and prevent account intrusions, including verifying an investor’s identity to prevent unauthorized account access; oversee vendors and service providers; address malicious email activities, such as phishing or account intrusions; respond to incidents, including those related to ransomware attacks; and manage operational risk as a result of dispersed employees in a work-fromhome environment.” The SEC’s continued focus on securities law violations related to cybersecurity is also in alignment with its 2018 Guidance on Public Company Cybersecurity Disclosures.