Cybersecurity has increasingly become a critical issue for all types of businesses, few more so than broker-dealers, investment advisers and others in the financial sector.
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face in the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White.
On October 28, OSFI released its Cyber Security Self-Assessment Guidance (the “Guidance”) to aid Federally Regulated Financial Institutions (“FRFI”) in assessing their level of preparedness against cyber risks. The Guidance was drafted in response to OSFI’s Plans and Priorities for 2013-2016, a plan that emphasizes vigilance against the increasing frequency and sophistication of cyber threats.
Cyber security is top of mind for companies, and cyber-security oversight is top of mind for corporate directors. I recently co-moderated a panel discussion for directors on board oversight of cyber security and cyber-security disclosures. I thought I’d share my thoughts on some of the key issues.
As practitioners are aware, in February 2013, President Obama issued an executive order directing federal agencies to create a set of voluntary cybersecurity standards and procedures for critical parts of the private sector.