The Securities and Exchange Commission’s new cybersecurity rule will add an extra layer of vendor due diligence for fund firms, according to lawyers and compliance professionals. Although the rule has an indirect impact on the asset management industry, it will affect how these firms can gather data on public companies, including the vendors they contract. “You certainly could have public companies on either side for the portfolio companies: you would have public companies being the underlying investment for the fund,” said Jason Monfort, Financial Services and Investment Management partner, to Ignites. “For the vendor data, you could have either the specific entity that is serving as the vendor as a public company, or it can be the parent company of that vendor that has to make disclosures regarding its subsidiaries or affiliates, depending on how exactly the disclosure requirements play out.”