Randy Sabett, Kamran Salour
“The SEC first dipped its toes into the cyber pool in 2011 with guidance for registered entities on both proactive and reactive aspects of cybersecurity. That was followed by additional SEC guidance in 2018 that continued to build on the themes of disclosure, materiality, and involvement of management and the board. In 2022, the SEC released a draft rule that has now been amended and is awaiting finalization (currently expected in April 2023). The draft rule establishes “a more comprehensive framework to address cybersecurity risks for advisers and funds”, including requirements for a 48-hour period for incident reporting, “policies and procedures that are reasonably designed to address their cybersecurity risks,” disclosure to investors of both cyber risks and incidents, annual risk assessments, as well as recordkeeping requirements. This session will feature a lively discussion of what this all means for entities subject to the rule.”
Randy Sabett, Special Counsel, Cooley
Kamran Salour, Partner, Lewis Brisbois Bisgaard & Smith
Readings:
