Nation-states, organizations, groups and individuals continue to employ increasingly sophisticated methods to target information systems and computer networks. Governments and regulators – including the SEC and the U.K. Financial Conduct Authority – are also intensifying their scrutiny of organizations’ cybersecurity programs. See our two-part series “Navigating FCA and SEC Cybersecurity Expectations”: Part One (Jan. 7, 2016); and Part Two (Jan. 14, 2016). As a result, it is becoming more expensive to combat and contain cyber-related attacks. Given that cybersecurity is an enterprise-wide risk, fund managers must, at a minimum, ensure that they comply with industry best practices, including adopting one or more cybersecurity frameworks and creating a culture of cybersecurity compliance. This article, the first in a three-part series, discusses the risks and costs associated with cybersecurity attacks; the global focus on cybersecurity; relevant findings observed by the Office of Compliance Inspections and Examinations during the examination of SEC registrants; and cybersecurity best practices. The second article will analyze the need for fund managers to hire a dedicated chief information security officer, review information security governance structures and explore the role of the chief compliance officer as a strategic partner. The third article will evaluate methods for facilitating communication between cybersecurity stakeholders; outsourcing and co-sourcing of cybersecurity functions; and best practices for employing and overseeing third-party cybersecurity vendors. See our two-part series on how fund managers can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape” (Dec. 3, 2015); and “A Plan for Building a Cyber-Compliance Program” (Dec. 10, 2015).