Abacus Group’s Post

On May 16, the Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P to modernize and enhance the rules governing the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update the requirements for broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents (collectively, “covered institutions”) to address new technology development and cybersecurity risks. The amendments will become effective 60 days after publication in the Federal Register. Larger entities will have 18 months after the date of publication in the Federal Register to comply with the amendments, and smaller entities will have 24 months after the date of publication in the Federal Register to comply. The amendments also require covered institutions to notify affected individuals whose sensitive customer information was or is reasonably likely to have been, accessed or used without authorization. The amendments require a covered institution to provide the notice as soon as practicable, but not later than 30 days, after becoming aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred, except under certain limited circumstances. A notice must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves. Read more - https://lnkd.in/gPcZCrU9 #SEC #CybersecurityRisks #InvestmentAdvisors #DataBreach

The US Securities and Exchange Commission (SEC) has adopted new rules requiring publicly listed firms to disclose serious incidents within four days. The regulator voted 3-2 to adopt the rules. The four-day period will start from the time a cyber-incident was determined to be “material.” Registrants will need to disclose on a new Item 1.05 of Form 8-K details on the incident’s nature, scope, timing and impact or “reasonably likely material impact,” the SEC said in a note yesterday. #cyberriskmanagement #cyberincidents #riskmanagement https://lnkd.in/ekWWJVuh

The fall RegFlex agenda has been published and includes the Safeguarding Rule, the Outsourcing Rule, the Form PF/CFTC Rule, ESG Rule for Investment Advisers, cybersecurity for Investment Advisers all slated for 1Q2024. Seems unlikely. #regflex #regulation #privatefunds https://lnkd.in/e4xnnR_G

The Securities and Exchange Commission (SEC) announced new rules requiring certain kinds of financial institutions to have well-defined plans for what to do when a data breach involving customer information occurs. The new amendments come right as companies are easing into new incident reporting regulations from the SEC that force public companies to notify the agency of “material” incidents. #IdentitySecurity #cybersecurity

The Securities and Exchange Commission (SEC) announced new rules requiring certain kinds of financial institutions to have well-defined plans for what to do when a data breach involving customer information occurs. The new amendments come right as companies are easing into new incident reporting regulations from the SEC that force public companies to notify the agency of “material” incidents. #IdentitySecurity #cybersecurity

The Securities and Exchange Commission (SEC) announced new rules requiring certain kinds of financial institutions to have well-defined plans for what to do when a data breach involving customer information occurs. The new amendments come right as companies are easing into new incident reporting regulations from the SEC that force public companies to notify the agency of “material” incidents. #IdentitySecurity #cybersecurity

Ever heard of the SEC? They're basically the financial world's hall monitor, making sure everyone plays by the rules. Well, guess what? They just rolled out some new guidelines to help keep your customers' data safe. The SEC is cracking down on financial institutions (like banks and credit unions) to make sure they have a plan in place in case of a cyberattack. This plan, called an "incident response program," needs to outline what happens if a hacker stumbles onto your customers' info. Think of it like a fire drill, but for data breaches. The most important part? You (the financial institution) gotta tell your customers if their information gets exposed. This means sending out clear notices explaining what happened, what data was leaked, and how your customers can protect themselves. Transparency is key! So, what does this mean for you, the small business owner? Well, it's a good thing! The SEC is making it easier for everyone to stay informed about their financial data. And hey, strong cybersecurity is good for everyone's peace of mind, right? But here's the question... How can small businesses, without a massive IT department, step up their cybersecurity game? Let's chat in the comments! #cybersecurity #dataprivacy #financialinstitutions #smallbusiness https://hubs.ly/Q02y6H3W0

🔐 Taking control of your data. How secure is your personal information, and what are the practical steps you can take in order to safeguard your data? Let’s engage in sharing insights, and collectively addressing the challenges of preserving privacy in a data-centric world. Below are some links to resources you might want to check out. 🌐 Learn more about how to protect yourself online here. 👉 https://lnkd.in/gqhmfF-A #StayInformed #StayVigilant #DataPrivacyWeek #DigitalSecurity #Secure #Finance #CKMAdvisers #CKM #FinancialPlanning

(Cybersecurity Dive) The regulatory agency’s rule change comes less than a year after it required publicly traded companies to disclose material security incidents within four business days. Dive Brief: 🔹 The Securities and Exchange Commission will soon require certain financial institutions to notify individuals within 30 days of determining their personal information was compromised in a breach. 🔹 “Over the last 24 years, the nature, scale and impact of data breaches has transformed substantially,” SEC Chair Gary Gensler said Thursday in a statement. “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” 🔹 The adopted amendments to Regulation S-P, which apply to broker-dealers, funding portals, investment companies, registered investment advisers and transfer agents, also requires covered entities to develop and implement formal policies and procedures for incident response. #SEC #RegSP #Buckler #regulations #cybersecurity #cybersecurityregulations #cybersecuritypolicies #cybercompliance #BrokerDealers #Advisers #Advisors #RIA #RIAs #policies #policiesandprocedures #breaches #databreaches #FinancialServices https://lnkd.in/eE46a8K7

I find this really interesting as not all breaches are created equal. There are breaches that result in ransomware, data loss, privacy loss and financial impact from things like Business Email Compromise (BEC). Then there are “breaches” that if detected quickly and remediated, have no impact to your business. Should both types of breaches be reported on the same way given a very different outcome? Thanks for sharing Ryan Patrick #cybersecurity #cyberbreach #detectionandresponse #cyberresilience #businessresilience #notallbreachesarecreatedequal