The SEC’s Cybersecurity Enforcement Action: Rulemaking by Enforcement
The Securities and Exchange Commission recently brought an enforcement action against an investment adviser that, like a large number of companies, was the victim of a cyberattack. Although the SEC did not allege that any of the firm’s clients suffered harm, the Commission nonetheless sanctioned the firm for its allegedly unreasonable policies and procedures.
In their article for Law360, “The Problems with SEC’s Cybersecurity Approach,” Sutherland attorneys Brian L. Rubin and Charles M. Kruly challenge the SEC’s order, which sanctioned a victim (the investment adviser) for failing to establish certain “best practices.” They discuss the implications of the SEC’s choosing to proceed by way of an enforcement action and consider alternative approaches the SEC could have taken.
View the full article.