Client Alert: The SEC Provides a Roadmap to Better Cybersecurity

On January 27, 2020, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a report summarizing the types of cybersecurity practices being implemented by organizations it has reviewed. The report provides a useful summary of the components of an effective cybersecurity program applicable to all companies.  For SEC registrants in particular, it is reasonable to expect the SEC to consider these practices to be the baseline for public company cybersecurity programs, including when examining registrants and in connection with investigations and enforcement actions.