Extract from Epiq’s article “New SEC Cybersecurity Rules: What to Know and How to Remain Compliant”
As addressing cybersecurity issues continues to become a top priority throughout the financial industry, the U.S. Securities and Exchange Commission (SEC) is following suit. The SEC unanimously voted last May to approve a new set of cybersecurity rules designed to ensure that broker-dealers, investment advisers, and transfer agents have robust measures in place not only to detect data breaches but also to notify customers when they may be affected by one.
Firms subject to these new rules have long been held to high standards when it comes to the protection of their clients’ nonpublic private information, but with cybercrimes surging in recent years, the SEC determined that further measures were necessary. Reported data compromises jumped from 1,801 to 3,205 between 2022 and 2023, a shocking 78% leap. These breaches affected nearly 350,000,000 people and cost a record $4.45 million.
With the clock now ticking for those looking to remain compliant in light of these new rules—and with more potentially coming down the pipeline—it’s important to understand what measures affected firms must now take to protect client data and keep clients informed in the event of a cyber incident. Take a look at these key considerations for a clearer picture.