Written by: Christopher Mortara Cybersecurity has been and will continue to be a focus by industry regulators. How important has this theme been? It is so important that the SEC has included cybersecurity in its annual examination priorities for the last five years. The SECs 2019 examination priorities indicate the focus areas will include proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information, risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.The SEC announced in March 2019 it would be conducting its third round of cybersecurity sweep exams. The prior sweeps occurred in 2014 and 2017. The first two sweeps were similar in the scope. The Office of Compliance Inspections and Examinations (“OCIE”) examined firm policies and procedures and the documentation supporting that these policies were being followed. Issues identified included procedures that provide general guidance, limited examples of safeguards for employees, and are generally too vague. The staff also noted in a number of cases firms were in fact not enforcing their policies and procedures, or the policies and procedures did not reflect the actual practices.In May 2019, a Risk Alert was issued by the SEC regarding the safeguarding of customer records and information within firms network storage, as well as the use of third-party security features. During the course of examinations, OCIE noted misconfigured network storage solutions, inadequate oversight of vendor-provided network storage solutions, and insufficient data classification policies and procedures. The alert communicated that effective policies and procedures should address initial installation, ongoing maintenance, and vendor management.Threats around cybersecurity will only continue to increase, where nefarious individuals and organizations are seemingly never ending, creating phishing schemes and a variety of ways to infiltrate firm systems.