In 2021, the Securities Exchange Commission (SEC) announced its intent to prioritize cybersecurity, noting the increase in security breaches following the sudden shift to remote work due to COVID-19. In the past year, the SEC has been extremely active, issuing proposed rulemaking for cybersecurity disclosures, including a 48-hour regulatory breach notification requirement, for registered investment advisors and broker-dealers. Most recently, the SEC issued proposed rules for public companies, including a rule that would require disclosure of a significant cybersecurity incident with four days. These rules follow an uptick in enforcement actions against companies deemed to have had inadequate cybersecurity practices, recordkeeping, and breach reporting.
Presenters Jena Valdetero and Steven Malina will provide an overview of the state of the SEC’s cybersecurity activities and takeaways for what registered and regulated companies can do to comply.