Ensure Compliance with SEC Rule 10

Let our team of cyber security risk experts help!

The SEC has advanced a new cybersecurity proposal, Proposed Rule 10, that has severe implications for your market entity clients and their board members

Although Proposed Rule 10 is not yet enforceable, organizations should be proactive in their approach by evaluating their cybersecurity policies, procedures, and controls, including that of their third-party vendors.

  • It proposes a new reporting obligation requiring organizations to provide the SEC with immediate electronic notice if a significant cybersecurity incident takes place. Rule 10 introduces a new form, proposed Form SCIR (“Form”), in two parts.

    - Part 1 must be filed with the SEC after any significant cybersecurity incident.

    - Part 2 of the Form requires organizations to publicly disclose summaries of significant cybersecurity risks and incidents during the calendar year.

  • All market entities (including broker-dealers, the Municipal Securities Rulemaking Board, clearing agencies, major security-based swap participants, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents) which for purposes of Rule 10 are defined as “covered entities.”

  • Violating SEC regulations can have serious consequences for individuals and companies depending on the severity of the violation. This includes civil and criminal penalties, fines, and even imprisonment. This rule holds board members liable, in addition to company officers.

    Leviathan Security Group, has a highly qualified team of risk, compliance, and cyber security professionals who can deliver a concise presentation to your covered entity clients on the ramifications of Proposed Rule 10. Additionally, we can provide invaluable recommendations on effective risk mitigation strategies and ensuring compliance.  Don't hesitate to reach out to us to schedule a brief yet impactful presentation on this important topic.

Are you ready for SEC Rule 10?

Gain peace of mind and confidence in your compliance efforts by partnering with Leviathan Security Group

How can Leviathan Security Group help?

    • Conduct a Security Risk Assessment

    • Develop policies and procedures

    • Implement security controls

    • Continuously monitor and improve

    • Provide security awareness and training

    • Traditional Red Teaming

    • Assumed Breach Testing

    • Purple Teaming

    • Adversary Simulation

    • Vendor Third-Party Risk Assessment

    • Vendor Third-Party Data and System Assessment

    • Continuous Vendor Third-Party Compliance Review

  SEC Rule 10 FAQs

  • Proposed Rule 10 is a cybersecurity proposal by the SEC that introduces new reporting obligations for organizations related to significant cybersecurity incidents.

  • No, Proposed Rule 10 is not yet enforceable.

  • Organizations should be proactive in their approach to cybersecurity by evaluating their cybersecurity policies, procedures, and controls, including those of their third-party vendors.

  • Form SCIR is a new form introduced by Proposed Rule 10 that organizations must use to report significant cybersecurity incidents to the SEC.

  • Part 1 must be filed with the SEC after any significant cybersecurity incident, while Part 2 requires organizations to publicly disclose summaries of significant cybersecurity risks and incidents during the calendar year.

  • All market entities, including broker-dealers, the Municipal Securities Rulemaking Board, clearing agencies, major security-based swap participants, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents, are defined as "covered entities" for the purposes of Rule 10.

  • Violating SEC regulations can have serious consequences, including civil and criminal penalties, fines, and even imprisonment. Board members can also be held liable in addition to company officers.

  • Leviathan Security Group has a team of risk, compliance, and cybersecurity professionals who can provide a concise presentation to covered entity clients on the ramifications of Proposed Rule 10 and offer recommendations on effective risk mitigation strategies and compliance.

READY TO GET STARTED?