Purpose To analyze how the US Securities and Exchange Commission (SEC) has sanctioned broker-dealers (BDs) and registered investment advisers (RIAs) when cybersecurity breaches have occurred and to discuss whether the SEC is imposing a strict liability approach. Design/methodology/approach...