The High Cost of Minimal Effort: Cybersecurity Risks in Financial Services


As the number of cybersecurity threats increases, government and regulatory bodies continue to tighten the security requirements for financial institutions. In a webinar that took place on May 1, 2024, Silver’s CEO, Fizza Khan, sat down with Kyle Blair, Director of Financial Services at Egnyte, to discuss how the new regulations aim to fortify defenses, improve response times and make financial services institutions more proactive in protecting sensitive information and customer data.**

A video of the full webinar is below, as well as key takeaways from the discussion:

  • The following three key regulatory amendments will usher in a fairly sizeable shift in the way cybersecurity is managed:
    1. Cybersecurity risk management amendment – This was originally proposed in February 2022 and centers on the SEC providing new cybersecurity risk management rules to those firms that are governed by both the Investment Advisers Act and the Investment Company Act. The key takeaway with respect to this proposal is that everyone in the financial services community – investment advisers and registered funds – will need to adopt comprehensive cybersecurity policies and procedures, as well as report significant cybersecurity incidents directly to the SEC.
    2. Regulation SCI – also known as Regulation Systems Compliance and Integrity – goes to the heart of technological and operational resiliency and is currently being amended. The amendments would expand this regulation and broaden the scope of the entities covered under it, which would include security-based swap repositories, certain broker-dealers, and all exempt clearing agencies. As a result, institutions that normally wouldn’t be under the purview of the SEC with respect to their cybersecurity and data protection requirements would now be, by way of this amendment. If you are covered by Reg SCI, you need to enhance your existing requirements by mandating comprehensive policies and procedures, which are meant to capture the entire lifecycle of how the firm manages its data and what it is doing with respect to cybersecurity. All of the elements of cybersecurity and data protection need to be interwoven.
    3. Regulation S-P – This regulation focuses on the privacy of customer and client personally identifiable information (PII). The proposed amendments would require that customers’ and clients’ PII is not only protected, but the firm would need to notify its customers and clients if a breach of their PII has occurred. [UPDATE: On May 16, 2024, the SEC announced that it adopted amendments to Regulation S-P that require broker-dealers, registered investment companies and registered investment advisers to adopt written policies and procedures creating an incident response program to deal with unauthorized access to customer and client PII, including procedures for notifying persons affected by the incident within 30 days. The amendments are substantially identical to the proposals in the 2023 proposing release. This webinar took place before these amendments were adopted.] 
  • Communication is vital – You also want to ensure you can convey to your client and customer base the type of protections you have in place and, most importantly, that you aren’t just superficially adding policies and procedures – they actually have to be implemented, not just exist on paper.
  • Awareness and training are key. This is a firm-wide exercise. Look at where your risks are – this will help you figure out how to implement a program across your firm and navigate the space.
  • Be prepared. The idea is not to disrupt day-to-day business – we want to ensure you are as efficient as possible. But not having some sort of plan in place to address the potential risks associated with cyber-attacks is, in this day and age, akin to walking around without insurance. Hopefully you never need it, but if you do, you will be very grateful you have access to it.

If you have any questions about navigating comprehensive cybersecurity procedures and protocols, or your firm’s compliance program, please reach out to a member of Silver’s Compliance Team at [email protected].

** NOTE: On May 16, 2024, the SEC announced that it adopted amendments to Regulation S-P that require broker-dealers, registered investment companies and registered investment advisers to adopt written policies and procedures creating an incident response program to deal with unauthorized access to customer and client personally identifiable information, including procedures for notifying persons affected by the incident within 30 days. The amendments are substantially identical to the proposals in the 2023 proposing release. This webinar took place before these amendments were adopted.
