On April 28, the Securities and Exchange Commission (SEC) released a Guidance Update addressing the importance of cybersecurity and the steps registered investment advisers (and registered investment companies) may wish to consider in light of growing cybersecurity risks. This Guidance Update is the latest instance of the SEC’s increased emphasis on cybersecurity as a priority for advisers. A Cybersecurity Roundtable was hosted by the SEC on March 26, 2014 and the Office of Compliance Inspections and Examinations released a Risk Alert on February 3, 2015 summarizing its cybersecurity examinations of over 100 advisers and broker-dealers.
The Guidance Update provides several measures that advisers may wish to consider when creating a cybersecurity policy. These suggestions are not, however, intended to be comprehensive and advisers should tailor their cybersecurity policies to the particular nature and scope of their businesses.