SEC (Securities and Exchange Commission) Examiners to Review Asset Managers Cybersecurity Defenses
As part of OCIE’s routine examinations, the staff intends to scrutinize the policies and procedures that asset managers use to prevent and to detect cyber-attacks. Additionally, the staff will assess whether asset managers are reviewing and enhancing safeguards to protect against security risks. To prepare for such exams, asset managers should review their information technology training programs, analyze whether vendor access to their systems creates potential weaknesses, and review their vendors’ due diligence processes. SEC examiners may also evaluate whether asset managers are properly reporting "material" cyber events to regulators.