The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) has recently started to examine the capabilities of domestic organizations to fend off attempted cyberattacks and respond quickly to successful ones to ensure the confidence of investors, limited partners, and public markets in general. Since these attacks can be devastating,1 OCIE has created guidelines for companies and firms intended to help prevent cyberattacks and minimize risk. Failure to follow these guidelines will likely result in OCIE issuing critical inspection reports or even making referrals to enforcement offices. To guard against disastrous cyberattacks, minimize both organizational and reputational risk, and prevent OCIE or enforcement penalties, companies and firms should understand and implement these guidelines at their earliest opportunity. This benefits both the organization (to avoid potential regulatory fines and penalties, and liability to other parties affected by a breach) and any investors and limited partners, who could potentially lose millions should there be a successful breach.
