Cyber Security Solutions for US Board Room
The increasing cyber security threat posed to investment advisers and funds, as well as to public companies, has led to the SEC calling for boards to implement robust safeguards. This presents a range of challenges for board members as they endeavor to manage a highly technical subject for which they have a legal responsibility.
The US Securities and Exchange Commission (“SEC”) has increased its focus on cyber security and operational resilience, in a clear signal that firms that are not prepared to address cyber security risks will need to take action. In its Examination Priorities for 2022, the SEC listed Information Security and Operational Resiliency as a key issue.
In July 2023, the SEC voted to adopt new rules requiring public companies to disclose material cyber security incidents and to disclose, on an annual basis, material information regarding their cyber security risk management, strategy, and governance.
The SEC’s press release can be found here.
The Division will again be reviewing registrants’ business continuity and disaster recovery plans, with particular focus on the impact of climate risk and substantial disruptions to normal business operations.
What can firms do now to mitigate cyber security risks?
- begin risk assessments that include a strong vendor risk management component
- draft new cyber policies or review prior policies
- examine existing technology controls to determine whether or not they meet current industry best practice
- appoint a Chief Information Security Officer (CISO).
How can Waystone Compliance Solutions help?
- provision of Chief Information Security Officer (CISO) for Board of Management
- provision of Cyber Security Advisor for investment advisers and fund boards
- cyber risk assessment including vendor risk assessment
- cyber policy drafting
- annual review and remediation of any attendant issues
- cyber incident response, reporting and remediation.
The role of a CISO includes:
- providing ongoing advice and guidance on cyber security matters and ensuring that the board of management remains at the forefront in addressing cyber security developments
- engagement with the client management team to determine an appropriate frequency per annum (1 day/month, 1 day/quarter, etc.)
- providing an annual cyber workplan to be signed off by the management team
- providing quarterly updates to the management team on progress against a cyber workplan
- overseeing third-party vendor management and other stakeholders.
Waystone Compliance Solutions has over a decade of experience within the industry and its principals have over 75 years of combined InfoSec and Data Protection experience. They act as an advisory, providing services to ‘C-Suite’ and Boards for cyber, information security and data protection issues. They are both ISO27001:2013 and ISO27701 certified.
If you would like to find out more about how Waystone Compliance Solutions can help you with your cyber security requirements, please contact us below.