Following increased enforcement in 2021, the SEC recently released its new cybersecurity rules on February 9, 2022 (reference). The rules are the latest effort from federal agencies to tighten compliance around assessing and addressing cybersecurity risks and requiring regulatory breach reporting within a specified period.
Let’s take a deep dive into what it includes.
In this latest effort, the Commission recognizes that there is no “one size fits all” approach. This focus on RIAs, RICs, and BDCs attempts to focus on regulation and compliance for these particular types of companies. Other changes of note include specifications for the written security plan. Though the requirement of a written security plan has been included in several previous pieces of compliance rules, none have been specified to this degree.
We hope you found this breakdown of the new cyber rule helpful. If you have questions related to your business, please reach out to PK Tech, and we can explain further. Get in touch with us here.