Many advisers disagree with the new Form ADV-C, a proposed SEC rule requiring that the industry report cybersecurity incidents within 48 hours.
The SEC recently proposed Form ADV-C, a rule requiring that those in the industry report cybersecurity incidents to the Commission within 48 hours. Advisers are concerned with this proposal for many reasons: not only does it interrupt and delay their work, but it poses a severe threat to the firm as a whole.
The time frame is brief and hardly allows advisers enough time to even remedy the incident, much less report it to the SEC. Terms throughout the form are broad, often undefined and conflicting with existing regulations. Under proposed Form ADV-C, cybersecurity companies must publicly disclose private company information, such as whether or not they carry insurance – making them a massive target for hackers. The overall security of the suggested guidelines has been called questionable at best and dangerous at worst.
- Source: https://www.barrons.com/advisor/articles/sec-cybersecurity-proposal-small-advisors-51649852669
- BW’s Managed Detection and Response: https://www.bwcyberservices.com/services/managed-detection-response/