COVID-19 considerations for SEC cybersecurity guidance, disclosure, enforcement, and parallel proceedings: navigating the new normal

Abstract

Purpose To examine the COVID-19 pandemic’s effects on regulated entities within the context of cybersecurity, US Securities and Exchange Commission (SEC) compliance, and parallel proceedings. Design/methodology/approach Describes the SEC’s ability to conduct its operations within the telework environment, its commitment and ability to monitor the securities market, its enhanced monitoring of the adverse effects of SEC-regulated companies from COVID-19, its guidance to public companies of disclosure obligations related to cybersecurity risks and incidents, the SEC Office of Compliance and Examinations’s (OCIE’s) focus on broker-dealers’ and investment advisories’ cybersecurity preparedness, the role and activities of the SEC Division of Enforcement’s Cyber Unit, and parallel proceedings on cyberbreaches and incidents by different agencies, branches of government or private litigants. Findings SEC-regulated entities face many challenges in trying to maintain their ongoing business operations and infrastructure due to severe financial pressures, the threat of infection to employees and customers, and cybersecurity risks posed by remote operations from hackers and fraudsters. The SEC has reemphasized that its long-standing focus on cybersecurity and resiliency within the securities industry will continue, including ongoing vigilance over companies’ efforts to identify, assess, and address the inherent, heightened cybersecurity risks of teleworking and the resource reallocation that business need to sustain their operations until a safe and effective vaccine is developed for COVID-19. Originality/value Expert analysis and guidance from experienced lawyers with expertise in securities, litigation, government enforcement, information technology, data protection, privacy and cybersecurity.