On August 30, 2021, the Securities and Exchange Commission (“SEC”) announced three settled orders against several investment advisers, broker-dealers, and dual registrants for violations of Regulation S-P allegedly resulting from business email compromises that each exposed or potentially exposed the personal information of thousands of customers. These enforcement actions underscore the following lessons for broker-dealers and investment advisers of all stripes.
Because these enforcement actions demonstrate that the SEC is continuing to focus on cybersecurity and will charge firms for alleged lapses, firms should examine their information security programs to see how they stack up against these latest allegations.
 U.S. Sec. & Exch. Comm’n, Rel. No. 2021-169, SEC Announces Three Actions Charging Deficient Cybersecurity Procedures (Aug. 30, 2021), available at https://www.sec.gov/news/press-release/2021-169.