• SEC’s Division of Investment Management Releases Cybersecurity Guidance: Guidance Highlights the Importance of Cybersecurity for Funds and Advisers and Suggests Measures To Consider When Addressing Cybersecurity Risks
  • May 11, 2015 | Authors: John E. Baumgardner; Whitney A. Chatterjee; Jay Clayton; H. Rodgin Cohen; Donald R. Crawshaw
  • Law Firm: Sullivan & Cromwell LLP - New York Office
  • On April 28, 2015, the Securities and Exchange Commission’s Division of Investment Management released cybersecurity guidance (the “Guidance”) for registered investment companies (“funds”) and registered investment advisers (“advisers”). The Guidance explains that the Division has identified the cybersecurity of funds and advisers as an important issue and discusses various cybersecurity risks and measures to be considered when addressing those risks. The principal recommendations are for funds and advisers to consider, as appropriate: (1) periodic assessments of cybersecurity threats and vulnerabilities, (2) a prevention, detection and response strategy, and (3) policies, procedures, training and education. The Guidance is clear that these suggested measures are not intended to be comprehensive, and that funds and advisers should determine whether these or other measures need to be considered.