What The New SEC Cyber Rules Mean for Hedge Funds
The U.S. Securities and Exchange Commission’s new cybersecurity rules proposal raises many questions. This webinar brings four experts together to discuss them. We’re providing some of the key takeaways from this event below, but we encourage you to also watch the full discussion via replay.
Kirk Samuels, Executive Director of Agio Cybersecurity, dug into these points with Mark Gurevich, Chief Compliance Officer of Maverick Capital, LTD; Ron Geffner, Partner of Sadis & Goldberg, LLP; and Joe Larizza, Managing Partner of Mirador, LLC.
They discussed the finer points of the proposal, the history of the SEC’s cybersecurity focus, what comes next, and exactly how the proposed rules affect compliance, technology, cybersecurity, and operations professionals in the alternative investment industry.
For example, did you know:
- Under the current proposal, you’ll only have 48 hours to report an incident
- Reporting is broad and ill-defined, leaving some confusion around what exactly needs to be reported
- Your Chief Compliance Officer will need to take on more responsibility
- Your board will need to have deeper knowledge about your firm’s policy
- Your cybersecurity policies must be active, broad, and regularly tested
- You will need to publish info about incidents in the public domain (benefiting hackers, not investors)
- You may find conflicts between existing privacy rules and the proposal
Attendees, when polled, said they currently lack risk components identified by the SEC:
- 29% lack cyber event detection and response
- 38% lack cybersecurity governance
- 43% lack third-party cybersecurity risk programs
Only 7% of attendees said they were prepared for the changes. So, if you feel a bit lost, you’re not alone. But this is happening. You will need to get with the program.