Cybersecurity has long been a priority of the SEC. Despite this long focus, the agency increased its attention to cybersecurity preparedness and breach mitigation awareness when its Office of Compliance Inspections and Examinations (OCIE) announced multiple cyber sweeps of fund managers in 2019. See “How Fund Managers Can Prepare for the Latest SEC Cyber Sweeps
” (Jul. 16, 2019). Specifically, OCIE has directed its sweeps at the cyber practices of investment managers with several branches or those that underwent mergers and acquisition activity, as well as at unearthing issues with cloud-service providers, vendor diligence and oversight. This is all, of course, in addition to the inherent business, reputational and financial risks of any fund manager experiencing a cyber breach. To prepare fund managers for regulatory scrutiny in this area, the Private Equity Law Report is highlighting five articles from its historical archives that explore important cybersecurity issues, including mitigating risks at the portfolio company level; satisfying SEC disclosure expectations; understanding the appeal and downsides of multi-factor authentication; learning from a landmark identity theft red flag rule settlement; and navigating the market for cybersecurity insurance. Next week (the week starting November 4, 2019), the Private Equity Law Report will resume its normal weekly publication.