NAVIGATING THE MAZE OF SEC CYBERSECURITY REQUIREMENTS FOR RIAS

You don’t have a massive compliance department, but the SEC still expects you to manage complex cyber risks. The 2024 Regulation S-P amendments have expanded the definition of “sensitive information” and mandated written Incident Response Programs (IRP) for every SEC RIA, regardless of size.

Join Jonathan Addington (CEO, CyberSecureRIA) and David R. Millar, J.D. (President, Integrity Compliance Consulting / RIA Made Easy) for a tactical, “no-fluff” session designed specifically for firms with under $1.5B AUM. We’ll skip the legalese and focus on the practical “detect, respond, and recover” loops you need to have in writing before your June 2026 compliance deadline.

About the co-hosts:

  • Jonathan Addington is the CEO of CyberSecureRIA and president of JM Addington Technology Solutions, helping independent RIAs build practical, audit-ready cybersecurity programs aligned with SEC expectations.
  • David R. Millar, J.D. is the President and co-owner of Integrity Compliance Consulting, Inc. (Easy-RIA / RIA Made Easy), an RIA registration and ongoing compliance firm that helps advisers launch RIAs and stay compliant through day-to-day support and advertising review.

What we will cover:

  • The “Assume Breach” Shift: Understanding why the burden of proof is now on you to demonstrate data wasn’t compromised.
  • Vendor Oversight: Specific clauses you need to add to your contracts to ensure vendors notify you within 72 hours of a breach.
  • Incident Response 101: How to build a “Detect, Respond, Recover” loop that satisfies the new written requirements.
  • Cost Analysis: A look at the real costs of notification—from $10 to $35 per client—and how to avoid them.
  • Bonus: All attendees will receive a practical checklist to help map current policies against the new rule line-by-line.

REGISTER FOR THE WEBINAR HERE