Navigating the 2024 SEC Cybersecurity Examination Priorities: Key Insights

As we await the final approval of the SEC’s "Cybersecurity Risk Management for Investment Advisors" rule, significant updates to the Department of Examination’s priorities have been unveiled, shedding light on crucial aspects shaping the impending regulations. This article covers the priorities we've identified that firms should know about now.

Operational resilience as a primary goal:

  • Definitive shift towards establishing "operational resilience" as a primary goal for SEC-registered funds.
  • Acknowledgment of risks posed by operational interruptions, stemming from traditional cyber incidents and challenges related to a dispersed workforce.
  • Emphasis on proactive incident response plans and robust business continuity planning to address these risks.

Third-party risk and vendor due diligence:

  • SEC compliance now involves addressing cybersecurity risks in various technology solutions, whether on-premises or in the cloud.
  • Department of Examination identifies oversight of third-party vendors as a top priority for 2024.
  • Firms urged to take necessary steps to identify and mitigate risks should third-party vendors be impacted by a cyber attack.

Core cybersecurity elements remain in focus:

  • Continued emphasis on essential elements of the proposed cyber rule, including policies and procedures, staff awareness training, internal controls, governance, reporting, and protection of personally identifiable information.
  • These aspects underscore the ongoing importance of comprehensive cybersecurity measures.

Strategic preparedness for firms:

  • Examination priorities provide a clear roadmap for compliance with the proposed rule requirements.
  • Firms that have prepared based on these expectations stand in good stead, while those awaiting the final ruling risk falling behind the Department of Examination's standards.

Stay ahead of the curve by delving into these key insights, ensuring your firm is well-prepared to meet the evolving landscape of SEC cybersecurity examination priorities in 2024. Download Drawbridge's SEC Cyber Rule Preparation Checklist to get a list of the SEC's Cyber Rule requirements.

Want to review the list with a Drawbridge team member? Email us at [email protected] to schedule a 30-minute review.

