Prepare for the Changing Landscape in Cybersecurity

John O’ConnellAdvisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.

The U.S. Securities and Exchange Commission (SEC) issued a Notice of Proposed Rulemaking on April 5, 2023, outlining a proposed cybersecurity risk management rule1. Additionally, the SEC issued a Notice of Proposed Rulemaking on April 6, 2023, outlining proposed changes to Regulation S-P2. The SEC has good reason to propose new regulations given the significant rise in cybersecurity issues each year, the costs borne by companies who experience successful attacks, and the need for investors to understand the risks to their investments associated with attacks.

Proposed rules by the SEC and other self-regulatory bodies and proposed and enacted legislation have significant effects for any company, particularly for financial services firms. This rule, or a form of it, will pass. Firms need to prepare for this rule and similar regulations now to avoid disruptions to their business and additional costs associated with implementing solutions in haste.

This article examines the challenges associated with the SEC’s proposed rule, the expected effect on financial services firms, and how firms can prepare now for the new rule.