Caution: Despite Recent Regulatory Updates, Do Not Take Your Foot off the Cybersecurity Pedal

Anti-virus

We have written about the potential impact of the SEC’s lawsuit against Solar Winds previously, suggesting that there could be a similar situation in the asset and wealth management industry when the SEC’s cybersecurity rules for RIAs and funds eventually come into force.

A New York federal court has now dismissed most of the claims brought by the SEC against Solar Winds and its Chief Information Security Officer, Timothy Brown. The news comes after the agency has lost other, non-cyber lawsuits; for example, the private funds adviser rule.

What concerns us at BW Cyber, however, is that those in the asset and wealth management community may take their foot off the gas when it comes to their cybersecurity infrastructure. We are generally supportive of a regulatory ‘floor’ when it comes to cybersecurity regulations and not nearly enough asset and wealth managers meet the requirements the SEC laid out in its original proposal back in February 2022. BW Cyber recommends all asset and wealth managers adopt the existing proposals regardless of whether they end up being mandated or not. Standard cyber programs and protections in line with these proposed rules are still your best choice to prevent the potential effects from a supply chain attack.