New cybersecurity rule should add due diligence benefit (IGNITES)

The SEC’s new cybersecurity rule directed at public companies should offer asset managers and fund companies additional data in their reviews of outside vendors. Firms can now gather more information on public companies’ cybersecurity issues, including material risks and effects from cybersecurity threats, which under the rule will now need to be publicly disclosed. In the lead comments, Amy Lynch, FrontLine’s Founder and President, states that certain critical vendors that the asset management industry relies on will fall under the rule requirement, such as administrators, distributors, investment advisers and transfer agents. She explains that the new rule should allow for enhanced screening of these vendors by ensuring cybersecurity protocols are in place to protect firm data. While much of the information required by the rule to be disclosed has been commonly requested as part of standard due diligence practices, it can now be compared for consistency. Ms. Lynch adds that the rule requirements should technically make the vendor due diligence process more efficient, but its usefulness remains to be determined until public reporting companies begin providing information under the rule. SeeĀ IGNITES (subscription required), “SEC’s Cyber Rule Could Help Firms Detect Vendor ‘Red Flags'”