With its new Investment Management Guidance Update on cybersecurity, the SEC is “now looking at more comprehensive assessment of controls and threats, not just from external sources but also internal sources,” Marc Lotti, a partner at ACA Aponix, told the Cybersecurity Law Report.  “Right now, investors and SEC don’t see [disregarding technology risk] as ignorant, they see it as negligent.”  The Guidance discusses actions that investment advisers and companies should consider to mitigate those risks and enhance their cybersecurity programs.