SEC’s New Cyber Observations Highlight Operational Resiliency

4 February 2020
View Debevoise In Depth
Key takeaways:
  • The observations reveal a notable expansion of OCIE’s focus to include mobile security and operational resiliency. Private sector companies should review these components of their programs, and regulated entities should expect relevant questions in their next OCIE exam.
  • OCIE’s observations also underscore the role of non-technical teams in a cross-functional and firm-wide approach to cyber risk mitigation and response.
  • OCIE encourages sharing e-threat intelligence through known industry and government information sharing platforms, such as the Department of Homeland Security portal and the Financial Services Information Sharing and Analysis Center.