Cybersecurity policy may still be very much a work in progress at the SEC, but officials increasingly are expecting advisors to have a baseline set of policies and procedures in place to safeguard clients' data, compliance experts caution.

The SEC has yet to produce or even propose any binding rules regarding cybersecurity, but officials have been sending strong signals that they expect firms of all sizes to put in place policies and procedures to protect sensitive information.