Security Risk Management

The SEC emerges as a vocal proponent of cyber security

Ben Fagan | July 17, 2014

US-SecuritiesAndExchangeCommission-SealProposed cyber security legislation, notably bills relating to a federal data breach notification standard, has been slow moving in the halls of Congress. While measurable progress has been made on some legislative pushes -- recently evidenced by the Senate Intelligence Committee’s passage of Sen Dianne Feinstein’s cyber threat information sharing bill -- it would be a stretch to say that lawmakers are currently influencing how private industry addresses this issue.

Yet the slow pace of legislation does not mean that Washington has kept quiet about the importance of IT security in today’s business environment. The SEC (Securities & Exchange Commission) has been increasingly vocal about the importance of corporate cyber security. Last month, SEC Commissioner Luis Aguilar called on corporate boards to take steps to include cyber issues in overall risk management decisions made at the board level. This guidance echoes last year’s alert, issued by the SEC’s Office of Compliance Inspections & Examinations, which outlined policies and procedures that companies should adopt to be in compliance.

The SEC has also been positioning itself as a key regulator for corporate cyber security issues, having sent letters to companies in the past for not following disclosure guidelines. And, as one article on the subject notes, while technically not a ruling, the SEC has the ability to levy fines against companies that have not followed their disclosure guidelines. Perhaps more illuminating are suggestions that the SEC considers corporate culture of cyber security in their investigations. This means that companies who proactively disclose to investors and show a commitment to transparency, “could help avoid SEC enforcement actions — or at least mitigate penalties.”

This adoption of cyber security as a critical regulatory issue for the SEC demonstrates that this regulatory body sees network and information sharing continuity as a cornerstone to the functioning of the financial markets. In short, cyber issues are business issues.


Suggested Posts

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...


3 Ways to Ensure Best-in-Class Third Party Cyber Risk Management

An effective third party cyber risk management program both identifies potential threats and finds ways to mitigate them. Organizations should aspire to the highest possible standards when it comes to their security posture. To do so, they...


Cyber Risk Should Be A Growing Concern to the Municipal Bond Market

Following an increase in ransomware cyber attacks, most notably May 2017’s WannaCry attack, U.S. public sector entities are starting to see the effects of these attacks on the almost $4 trillion municipal debt market. As a result, issuers...


Subscribe to get security news and updates in your inbox.