In light of the heightened focus on these issues, firms should review their existing security controls, incident response plans, and other cybersecurity and data protection procedures to ensure that they are adequately protecting customer information.
A. The Regulators’ Priorities
Each year the SEC and FINRA publish reports outlining their regulatory priorities. These reports relay their findings from examinations of firms and offer guidance on how firms can improve their operations. In this year’s reports, the SEC and FINRA discussed the importance of information security and data privacy and how firms are more vulnerable now than ever before to cyber-attacks. The…