Moving forward, expect to see the SEC promote more hardening of cybersecurity policies for fund managers. While the above themes represent some relevant areas the agency is encouraging, there is an anticipated level of maturation that the SEC will push fund managers to reach. Among the areas the agency is focused on are:
- Moving beyond documentation: dynamic cyber policies — The SEC does not view cyber policies as documents that collect dust. The policies should embrace innovation, adapting along with advancements in generative AI tools. While these technologies offer insights and efficiency, they come with challenges, including potential misinformation or embedded biases. Therefore, policies should be flexible enough to evolve with changing technologies and align with objectives.
- Developing an agile response mechanism — With the overarching goal of strengthening cybersecurity defenses, the SEC's guidance revolves around what can be called "muscle memory." The SEC aims for a coordinated and efficient approach, from identifying incidents to handling communications. This includes conducting regular assessments, maintaining an incident response team and training employees. Fund management should be prepared to take immediate incident response actions.
- The impact of AI: a revolution, with consequences — The appeal of AI is undeniable, as it presents efficiency and valuable insights. However, it is also a domain that comes with risks. Cyberattackers are utilizing AI to rapidly identify vulnerabilities in systems. Traditional defense mechanisms such as signature-based detections may not be sufficient to withstand AI-driven attacks. This highlights the importance of oversight, as with Europe's recent introduction of privacy regulations regarding AI.
Europe has already taken the lead by implementing privacy laws specifically focused on AI in June this year. The key lesson here is to harness AI's benefits while remaining cautious and vigilant.
The heightened focus on cybersecurity by the SEC emphasizes a new era in which fund managers must adopt both defensive and proactive measures. It is crucial for organizations to understand the cybersecurity implications of new technologies such as AI. The objective of the SEC is clear: to not only ensure fund managers comply with regulations, but to empower them as leaders in building digital resilience.
Ray Soriano is a director within EisnerAmper Digital. He is based in Miami, Fla. This content represents the views of the author. It was submitted and edited under Pensions & Investments guidelines but is not a product of P&I's editorial team.