Cybersecurity, the SEC and You

Cybersecurity graphic

As markets grow more global and complex, so too are the threats through cyber intrusion, denial of service attacks, manipulation, misuse by insiders and other cyber misconduct. In the United States, aspects of cybersecurity are the responsibilities of multiple government agencies, including the SEC. Cybersecurity is also a responsibility of every market participant. The SEC is committed to working with federal and local partners, market participants and others to monitor developments and effectively respond to cyber threats.


Investors increasingly rely on the internet to open investment accounts, check up on their holdings and make securities transactions. The SEC provides valuable guidance, including an Investor Alert and Investor Bulletin to help investors get in the know and protect themselves from cyber threats.



The SEC provides cybersecurity guidance to help broker-dealers, investment advisers, investment companies, exchanges, and other market participants protect their customers from cyber threats. The agency also keeps a watchful eye over market participants, including by making cybersecurity a priority of its National Exam Program.



The SEC uses its civil law authority to bring cybersecurity-related enforcement actions that protect investors, hold bad actors accountable and deter future wrongdoing.

SEC Resources

Investment Advisers/Investment Companies

Regulation S-P

Regulation S-ID

Subpart C - Regulation S-ID: Identity Theft Red Flags

Adopting release

Compliance Rules

Investment Company Act Rule 38-1

Investment Advisers Act Rule 206(4)-7

Adopting release for ICA Rule 38-1 and IAA Rule 206(4)-7 (see Section II(A)(1) of the Adopting Release, which provides additional information about issues that the policies and procedures of funds or advisers should consider, certain of which are related to cybersecurity)

Engaging Government Agencies and Industry

Cybersecurity Guidance for Investment Advisers and Registered Investment Companies

Guidance on Business Continuity Planning for Registered Investment Companies

Assessing Market Participant Readiness

OCIE May 2017 – Cybersecurity: Ransomware Alert

OCIE September 2015 Cybersecurity Examination Initiative

OCIE Summary of 2014 Cybersecurity Examination Sweep

SEC Cybersecurity Roundtable

Self Regulatory Organizations

Regulation SCI

SEC Cybersecurity Roundtable

External Resources

Are You Cyber-Savvy?

Take the quiz!


The SEC Division of Enforcement’s IT Forensics Lab hosts a highly specialized team of forensic analysts to assist in digital investigations, including cyber investigations.

Email Updates

Signup for news about this topic.