Between audits by the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) and the increasing savviness of investors, being able to answer tough questions about cybersecurity has never been more important for hedge funds than it is today.
And the penalties for getting those questions wrong are probably only going to get higher — in December 2015, the head of the SEC’s enforcement division said the agency plans to be more aggressive in going after investment advisors who fail to protect customer information. While audits can be painful, the fallout of losing the confidence of investors in the wake of a failed security audit can be even more so.
In this paper we will explore what firms need to begin the process of organizing their response to cybersecurity audits well before the OCIE comes knocking at the door. Ultimately, that comes down to proper planning, documentation, and having a comprehensive understanding of the firm’s cybersecurity posture and risk level.