SEC cyber oversight still priority as concerns grow
Reprints
The U.S. Securities and Exchange Commission will continue to review broker-dealers’ and advisers’ cybersecurity practices next year, the agency said in a report issued Monday.
“Operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, intense weather-related events, and geopolitical concerns,” the agency said in its “2024 Examination Priorities, Division of Examinations” report.
“Given these risks and concerns, cybersecurity remains a perennial focus area for all registrants,” it said.
It said the division will focus on registrants’ policies and procedures, internal controls, oversight of third-party vendors where applicable, governance practices and responses to cyber-related incidents, including those related to ransomware attacks.
“Part of this review will consider whether registrants adequately train staff regarding their identity theft prevention program and their policies and procedures designed to protect customer records and information,” it said.
Other risk areas that impact various market participants, it said, include crypto assets and emerging financial technology, regulation systems compliance and integrity, and anti-money laundering.
This is in addition to the agency planning to focus on issues involving investment companies, broker-dealers, self-regulatory organizations, clearing agencies and other market participants.
Experts have said businesses will face challenges complying with a cybersecurity rule issued by the SEC in July that gives them just four business days to report material cyber breaches, experts say.
