Regulator House Calls: Cybersecurity Examinations and Audits
Companies should be on alert that governmental regulator house calls, in the form of audits and examinations concerning cybersecurity, will only continue to increase.
May 04, 2015 at 07:40 AM
In the not-too-distant past, doctors made house calls to check in on their patients. For many patients, in-home examinations were efficient and comfortable—even preferred. Today, for some companies, “house calls”—in the form of examinations, visits or audits by federal and state governmental regulators—are becoming more frequent, particularly in the realm of cybersecurity. As news of the frequency and severity of cyberattacks increases every month, an increase in these house calls by regulators should not come as a surprise. Of course, regulators are not doctors, and companies' initial reaction to these visits is rarely positive.
Yet this is the new normal. Recent public statements and other announcements by governmental regulators—particularly those with oversight over financial services companies—signal increased attention and focus on cybersecurity preparedness in 2015. For example, in mid-January, the U.S. Securities and Exchange Commission highlighted the importance of assessing cybersecurity risks and preparedness, while also providing information on priorities and timing of its 2015 examination program. In mid-February, the SEC and the Financial Industry Regulatory Authority (FINRA) each published summaries of market assessments of cybersecurity risks conducted in 2014 through broker-dealer and (for the SEC) investment adviser examinations. Also in February, the head of New York's Department of Financial Services (DFS) signaled the department's consideration of new rules protecting against “an Armageddon-type” cyberattack on U.S. financial markets, and the agency released its “Report on Cyber Security in the Insurance Sector,” summarizing its own survey results and announcing increased focus on cybersecurity in examinations.
All of these developments should put companies on alert that governmental regulator house calls, in the form of audits and examinations concerning cybersecurity, will only continue to increase.
The SEC's Communications
In January, the SEC announced the 2015 examination priorities of its office of compliance inspections and examinations (OCIE), which examines structural risks and trends involving multiple firms or entire industries under SEC regulation. Demonstrating the focus the SEC has placed on cybersecurity, Chair Mary Jo White cautioned at a 2014 SEC roundtable that “the public and private sectors must be riveted, in lockstep, in addressing these threats.” Among the 2015 marketwide risks that the SEC has identified as a priority is “assessing cybersecurity controls across a range of industry participants.”