The SEC plans to examine the cybersecurity practices of over 50 registered broker-dealers and investment advisers. The SEC announced its plan in an April 15, 2014 Risk Alert, which closely follows the March 26 Cybersecurity Roundtable at which Chair Mary Jo White underscored the importance of cybersecurity to market security and customer data protection. At the Roundtable, Chair White emphasized the “compelling need for stronger partnerships between the government and private sector” to address cyber threats.
The Risk Alert included a comprehensive Appendix detailing the types of questions the SEC may be asking registrants in these exams, on such topics as cybersecurity governance, risks associated with remote customer access and risks associated with vendors and third parties. The sample questions include whether companies have discovered malware in their systems, suffered a network breach or found that computers used by customers and vendors to remotely access networks have been compromised since January 2013.
To read the full alert, click here.