While the SEC has provided some guidance and taken on a limited number of actions, the state of its cybersecurity enforcement program is still unclear to many companies. At the recent IAPP Global Privacy Summit, two SEC officials, Stephanie Avakian, Acting Director of the SEC Division of Enforcement, and Shamoil Shipchandler, SEC Regional Director for the Fort Worth Regional Office, spoke candidly on the agency’s plans and approach. This first part of our article series covering their discussion includes their views on which enforcement actions serve as the best guidance, how they identify new cases, enforcement trends and coordination with law enforcement and state regulators. Part two will include their insights on the SEC’s cybersecurity examination process and guidance on corporate disclosures. See “SEC Emphasizes Protecting Information From More Than Just Cyber Threats in Deutsche Bank Case” (Oct. 19, 2016).