Proposed SEC Cyber Rules — What Security Organizations Need to Know
The SEC recently announced proposed cyber rules affecting registered investment advisers and funds, the first guidance since 2018. The proposed rule, “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” helps by becoming more prescriptive in the newly proposed rules. The SEC is addressing observed shortcomings in incident reporting practices that range from incidents not being disclosed to disclosures that are incomplete, late, or inconsistent with managed cyber risk. The proposed rules look to reduce unevenly interpreted self-regulatory guidance and replace with detailed regulatory changes that apply to registered investment advisers and funds. Here’s what you need to know.