Cybersecurity is a high-risk point of discussion within the financial services sector. Cyberattacks can occur in various ways, including accidental events, deliberate insider attacks, and third-party hacks perpetrated using a combination of strategies such as malware, ransomware, phishing and spear phishing, and stolen access credentials, among others. Defense against cyberattacks is imperative to your business.


While the SEC’s Office of Compliance Inspections and Examinations suggests that FINRA’s membership implement fundamental Cybersecurity procedures, FINRA continues to report that Cybersecurity remains a top compliance risk to broker-dealers. SDDco Group firmly believes that Cybersecurity measures will remain a focus for FINRA moving forward. Although FINRA’s Cybersecurity guidelines have only been advisory, they are progressively becoming more detailed and demanding, which suggests that implementation of strict rules may be on the horizon.

SDDco Cybersecurity Offerings:

Annual Penetration Testing

Customized Policies and Procedures

Incident Response Planning and Coaching

Employee Quarterly Cybersecurity Training

Email Enticement Phishing Testing

Vendor Due Diligence

Initial and Annual Risk Assessments

It’s Time to Leverage the Power of SDDco CYBER for Your Firm


On February 21, 2018, the Securities and Exchange Commission voted unanimously to approve interpretive guidance (“the Guidance”) to assist public companies when providing disclosures about cybersecurity risks and incidents. The Guidance, in effect as of February 26th, provides the Commission’s views about cybersecurity disclosure obligations under existing law and addresses the importance of cybersecurity policies as well as the application of disclosure controls and procedures.


While the SEC’s Guidance was written specifically as a directive for public companies, we at SDDco Group believe that many aspects are applicable to the financial services industry as a whole. Additionally, we view this Guidance as a foreshadowing of more stringent regulations that the SEC and FINRA will likely place on broker-dealers specifically.

For financial firms licensed and doing business in New York state, all regulated entities and licensed persons of the Department of Financial Services (DFS) were required to file a cybersecurity regulation Certification of Compliance under 23 NYCRR 500 by February 15, 2018.

Armor Your Network Against Vulnerabilities

SDDco Cybersecurity Cover
