In recent times, the SEC has been sounding the alarm to executives and boards of directors when it comes to having appropriate cyber security measures in place. The SEC Office of Compliance Inspections and Examinations (OCIE) issued two Risk Alerts, one in April 2019 and one in May 2019, which emphasized problems associated with firms not establishing proper cyber security controls and not implementing existing policies effectively.
As cyberattacks “become virtually impossible to fend off,” more and more firms are seeking outside help to secure their systems. Banks and other financial firms are boosting their cyber security spending in a bid to safeguard their data, employees and customers.
“For small to medium-size firms, however, such spending is out of the question – even though they face the same challenges as larger firms,” said Alan Brill, Senior Managing Director with Kroll’s Cyber Risk practice, in an interview with Ignites. “These firms should consider hiring a ‘virtual’ chief information security officer. They should also conduct ‘tabletop exercises’ where they run through simulations of cyberattacks, and see where their incident response plan falls short.”
Subscribers of Ignites can read the full article here.