The Securities and Exchange Commission continues to encourage entities within its purview to institute cyber protections, especially in the wake of the rash of recent ransomware attacks. Numerous companies, including broker-dealers and investment management firms, have fallen victim to ransomware, which infiltrates the victim’s computer systems and blocks access to files with the threat of publication or deletion unless a ransom is paid. As a warning to public companies, the SEC recently issued a statement regarding the importance of the following precautionary measures:
- Regular assessments to identify cybersecurity threats and risks
- Penetration tests on critical systems to determine their vulnerability
- Consistent system maintenance that includes constant monitoring for software patches to address vulnerabilities
It is clear that while the SEC recognizes the inherent risk that cyber threats pose to all companies, no matter how protected, it also expects companies to keep working toward disaster preparedness and to keep addressing other cybersecurity issues. The full text of the SEC’s “Cybersecurity: Ransomware Alert” can be found here.