Will Your Cybersecurity Program Hold Up to Regulatory Scrutiny?

Connect with our Cyber team today!


Talk to ACA

In February 2022, the Securities and Exchange Commission (SEC) released proposed Rule 206(4)-9, which includes a range of new requirements for organizational cybersecurity practices and cyber incident reporting. The proposed rule memorializes the guidance the SEC has been publishing since 2014. The key difference? Firms will need to formalize and document their program.   


With the current cyber threat landscape and proposed SEC cyber rule, firms should not wait for the rule’s ratification to become compliant. At a minimum, under the proposed rule firms will be expected to: 

Disclose information about certain "cybersecurity risks" and "cybersecurity incidents: to current and prospective clients, investors, and/or shareholders  

Report any "significant adviser cybersecurity incidents" to the SEC shortly after the incident within 48 hours

Adopt and implement cybersecurity policies and procedures that are reasonably designed to address cybersecurity risks

Enact more active fund board oversight and stricter record-keeping practices 


It is recommended that firms evaluate their program and compare their current state of cybersecurity policies and procedures against the proposed requirements, validate compliance through documented examples, identify gaps where there may be missing policies, procedures, or formal evidence of compliance. 


ACA Aponix® can help your firm develop, implement, and maintain the required information security program necessary to meet the SEC's regulatory requirements. Our team can provide support through:

Cybersecurity and Technology Risk Assessments and Compliance Readiness

• Staff Training and Phishing Policy Development

• Penetration Testing​

• Threat Intelligence/Monitoring

• Data privacy compliance assessments

• Vendor Due Diligence services

• Portfolio Company Oversight

• Policy Development

• Technology, Cybersecurity, and Privacy Risk Assurance Advisory Services, and More 

Do you have the bandwidth necessary to focus on cybersecurity? 

Our award-winning team can help to ease the burden and build a cyber program made to withstand the evolving risk landscape. 


Ready to learn more? Complete the form above to talk with our cybersecurity team about your unique needs and our customized solutions.