The SEC’s Office of Compliance Inspections and Examinations
(OCIE) recently released a cyber security exam checklist to help firms assess
the strength of their cyber security controls. This checklist, along with the
SEC’s plan to examine cyber security preparedness at more than 50 broker-dealers
and investment advisors, is yet another example illustrating a push towards
tighter monitoring and possibly more regulation of cyber security from
financial industry regulators.
Cyber security is a constantly evolving endeavor, with
technology and the ability to access online data, legally or otherwise,
advancing rapidly. As a result, firms should consider reviewing their cyber
security strategy regardless of whether they believe to be one of the 50 or
more firms examined by the SEC.
The Securities and Exchange Commission’s Office of
Compliance Inspections and Examinations (OCIE) released the cyber
security exam checklist, which has multiple areas of focus, including:
- Identification of Risks/Cybersecurity Governance
- Protection of Firm Networks and Information
- Risks Associated with Remote Customer Access and Funds Transfer Requests
- Risks Associated with Vendors and Other Third Parties
- Detection of Unauthorized Activity
Firms may use this checklist as a guide to help assess cyber
security preparedness. Knowing what regulators consider important to cyber
security controls will help them better assess how their cyber security
compares to regulator expectations. Additionally, considering cyber exposures
and proactively implementing methods to review them is an important best
practice for risk reduction.
All
information provided in this blog is for informational purposes only. The
sources used are presumed accurate. CalSurance Associates, Brown & Brown
Program Insurance Services, Inc. and Brown & Brown, Inc. will not be liable
for any errors, omissions, losses, injuries or damages arising from its display
or use and will not assume responsibility for any misguided information. No
guarantees are implied.