The SEC’s new and proposed rules on cybersecurity and cyber-incident reporting will have a dual impact on private investment advisers and funds. 

First, the proposal by the SEC will impose cybersecurity related obligations on investment advisers, registered investment companies and business development companies, with a final rule in this sector (the “adviser cybersecurity rule”) expected in April 2024. 

Last year, we wrote, “The regulatory and litigation risks for private funds are greater than at any time since the financial crisis in 2008.” That statement is even more true today. The Wall Street Journal recently published separate front-page stories on an SEC initiative to oversee large private companies and the explosive growth of the private credit industry (suggesting a more active phase of regulatory oversight). Growth itself is not necessarily a risk, but disputes – and regulators – tend to follow capital.

Private funds are now an integral part of the global economy and, as a consequence, are affected by it. Currently, there are massive structural changes occurring simultaneously across industries and the economy as a whole. For example: cryptocurrencies could threaten legacy payment systems and currencies; the electrification of the auto industry may lead to obsolescence of the internal combustion engine; and climate change will increase the ESG groundswell. These changes are not merely disruptive; they are transformative.

The regulatory and litigation risks for private funds are greater than at any time since the financial crisis in 2008. Just a few examples prove the point: the pandemic (which caused extraordinary volatility in revenues and valuations for most asset categories); a new administration in Washington D.C. (with a more

A cyber breach can have serious legal, financial, and reputational consequences for a fund sponsor, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at fund sponsors should take the lead to ensure that the sponsor is taking appropriate actions to protect itself against cyber risks. There are several steps that senior management can guide the fund sponsor to take to prevent breaches from occurring and to mitigate the impact when they do occur.