On 9 February 2022, the SEC voted to propose rules related to cyber security risk management for registered investment advisers and registered investment companies in a clear signal that firms who are not prepared to address cybersecurity risks will need to take action.