SEC Committed to Cybersecurity Enforcement for Investment Firms

The SEC recently announced its first cybersecurity enforcement against an investment advisor that failed to have sufficient safeguards in place to protect its clients’ data. This action underscores the SEC’s new commitment to enforcing cybersecurity compliance, as well as the need for companies, especially investment firms, to have cybersecurity best practices in place.

The SEC charged the investment advisor with failing “to conduct periodic risk assessments, implement a firewall, encrypt PII [personally identifiable information] stored on its server, or maintain a response plan for cybersecurity incidents.” The company had stored sensitive PII of its clients and others on its third-party-hosted web server from September 2009 to July 2013. The server was then attacked in July 2013, compromising the data of more than 100,000 individuals and leaving them vulnerable to theft.

So far, none of the advisor’s clients, or the other individuals whose data was on the server, has experienced financial harm as a result of the hack.

However, the firm was fined $75,000 for its due diligence failure to protect client records and information.

Marshall Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit, stated that, “As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients.” This involves the adoption of written policies and procedures designed to protect private information, as well as having clear action plans in place for when a breach occurs.

The SEC also recently published an alert advising investors on what to do if they become victims of a data breach. The agency is also reported to be considering a plan that would require companies to disclose cybersecurity vulnerabilities.

In the meantime, as high-profile breaches continue to occur and be reported in the news, the SEC will be increasing scrutiny of firms that do not have appropriate cybersecurity measures in place.
