What to Do Before, and After, a Cyberattack

Experts share best practices for responding to and minimizing impact of cyberattacks

After that key first step, firms should ensure all members of their incident response team, legal and technical, understand their roles and responsibilities.

Baritz stressed that firms need to understand whether, not just when, they need to report a breach to the SEC.

The last few years have been the most interesting in cybersecurity, Edelman said; there’s been “more movement” in protecting private client data in the last year than in the 30 years prior.

He noted that under the Sarbanes-Oxley Act, chief information officers’ personal assets can be at risk if a firm is found to have been negligent in protecting client data.

In a sentiment you don’t often hear, he added, “My hat’s off to the SEC,” noting that the financial services industry is the safest place for personal information.