Division of Investment Management Issues Cybersecurity Guidance-- Securities and Exchange Commission
May 25, 2015
Nathaniel Segal, John S. Marten released 5-24-15
On April 28, 2015, the staff of the Division of Investment Management of the SEC published a Guidance Update addressing cybersecurity risks and the need for funds and advisers to protect confidential
and sensitive information concerning fund investors and advisory clients. The staff noted that cyber-attacks on a wide range of financial services firms highlight the need for firms to review their cybersecurity measures.
The staff remarked that funds and advisers should identify their respective compliance obligations under the federal securities laws and take into account these obligations when assessing their ability to prevent, detect and respond to cyber-attacks. The staff identified a number of measures that funds and advisers may wish to consider in addressing cybersecurity risk, including the following to the extent they are relevant: