SEC Publishes Cybersecurity and Resiliency Observations

The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) recently announced the publication of a report entitled “Cybersecurity and Resiliency Observations.” The report summarizes the observations gleaned from OCIE’s cybersecurity examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants.

The report details observations in a number of key areas, including (1) governance and risk management; (2) access rights and controls; (3) data loss prevention; (4) mobile security; (5) incident response and resiliency; (6) vendor management; and (7) training and awareness.

Some key recommendations for regulated entities include:

  • developing and updating a vulnerability management program;
  • securing their legacy systems and equipment that contain personal information; and
  • ensuring clearly defined communication channels in the event of an information security incident.

In announcing the report, SEC Chairman Jay Clayton noted that “cybersecurity and resiliency are at the core of OCIE’s inspection efforts.” Similarly, the Director of OCIE stated that “it was critical to share these observations in order to allow organizations the opportunity to reflect on their own cybersecurity practices.”
