March 9, 2022
There needs to be AUM limits to this proposal 10 billion plus. Or simply require firms to have a minimum amount of cybersecurity insurance (calculated based on AUM) which would then force firms to jump through the hoops mandated by their insurance carrier. The relentless rule proposals that the SEC continues to come out with is burdensome, ineffective, and hurts small advisers. Nearly all small firms do not have internal databases, intranets, or on-prim servers and so the almost all of PII that is at rest is stored with the large custodians or on large CRM providers who all have SOC 2 Type 2 audits. Further, the proposal in its entirety is unnecessary as it will do nothing to stop end user human error (say by clicking a phishing email, being a target of a social engineering scheme, etc.). It is also unnecessary because firms who are living up to their fiduciary duty are already engaged with IT providers to provide cybersecurity defense. I mean heck didn't the SEC get hacked a few years ago, an organization with an endless budget of taxpayer dollars. The nerve to turnaround and propose additional undue burdens on small business is sad. Shame on you all and good day.
When you see that in order to produce, you need to obtain permission from men who produce nothing - when you see that money is flowing to those who deal, not in goods, but in favors - when you see that men get richer by graft and by pull than by work, and your laws don't protect you against them, but protect them against you - when you see corruption being rewarded and honesty becoming a self-sacrifice - you may know that your society is doomed.