On March 1, 2017, the New York State Department of Financial Services (DFS) cybersecurity regulations (Regulations) came into effect. Some industry professionals believe that compliance with the Regulations will become the “gold standard” for hedge fund managers, and it is also conceivable that the SEC or other states may follow New York’s lead and adopt similar measures. For recent perspectives from SEC officials on cybersecurity, see our two-part series: “Enforcement and Examination Priorities
” (May 11, 2017); and “Guidance on When to Disclose Cyber Events
” (May 18, 2017). For perspectives from another regulator, see “FCA Director Lays Out Expectations for Cybersecurity of Financial Services Firms: Identification of Cyber Risks, Detection, Firm Preparedness and Information Sharing
” (Sep. 29, 2016). A panel of cybersecurity industry professionals at the third annual Alternative Asset Management Symposium sponsored by Crystal & Company (Crystal) offered a summary of the Regulations and discussed how they may affect alternative asset managers and their service providers. Sandy Crystal, executive vice president at Crystal, hosted the event. Jeremy I. Bohrer,
partner at Brown Rudnick, moderated the discussion, which featured Ron Borys, senior managing director at Crystal; John F. Mullen, partner at Mullen Coughlin; Cuyler Robinson, vice president at Charles River Associates; and Russell Sherman, partner at Prosek Partners. This article highlights the key takeaways from the discussion. For coverage of Crystal’s 2016 symposium, see “Cyber Insurance Providers May Play a Key Role in Assisting Hedge Fund Managers Mitigate Cyber Incidents
” (May 26, 2016). For additional insights from Crystal and Borys, see “Cyber Insurance Coverage, Pre-Breach Mitigation Efforts and Post-Breach Response Plans Can Reduce Harm to Fund Managers From Cyber Attacks
” (Jan. 19, 2017).