On March 24, 2022, the Hedge Fund Law Report published an article on the recently proposed cybersecurity rules for investment advisers and registered investment funds, which featured an interview with Avi Gesser, Co-Chair of the Debevoise Data Strategy and Security Practice:   SEC Proposes Cyber Risk Management Rules for Advisers

The article discusses the following aspects of the proposal:

  • Rationale for the Proposal
  • Regulatory Framework
  • Cybersecurity Policies and Procedures
  • Annual Review and Report
  • Governance and Oversight
  • Risk Assessments
  • User Security and Access
  • Information Protection
  • Threat and Vulnerability Management
  • Incident Response
  • Mandatory Reporting of “Significant” Cybersecurity Incidents
  • Form ADV‑C
  • Cybersecurity Risk and Incident Disclosures
  • Recordkeeping
  • Requests for Comments

You can read the full article here.

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.