Cybersecurity is one important element of an investment manager’s overall regulatory compliance responsibilities. Although SEC regulations do not explicitly require it, the SEC and other regulators clearly expect fund managers to test for cybersecurity vulnerabilities and preparedness. A recent program sponsored by K&L Gates and the Investment Advisors’ Association, featuring experts from those entities as well as BNY Mellon and Nth Generation, explored the most effective and efficient testing methods. This article, the second in a two-part series, discusses testing approaches; vulnerability assessments; penetration testing; and recent SEC and private litigation on cybersecurity matters. The first article summarized the panelists’ discussion of the legal and compliance framework for cybersecurity testing; testing considerations; and how to leverage OCIE’s recent cybersecurity examination initiative to improve cybersecurity compliance and testing. See also “The SEC’s Two Primary Theories in Cybersecurity Enforcement Actions” (Apr. 8, 2015).