​The SEC’s Future Role in ​Cybersecurity Enforcement

Timothy Phillips January 25, 2022
0 Comments

The SEC's New Role in Cybersecurity Enforcement

In a recent speech given to Northwestern Pritzker School of Law’s Annual Securities Regulation Institute, Gary Gensler, chair of the Securities and Exchange Commission (SEC), laid out an ambitious plan for the SEC regarding its role in cybersecurity enforcement. 

These proposals include: 

“Freshen up” Regulation Systems Compliance and Integrity (Reg SCI) – This change would require important financial entities (stock exchanges, alternative trading systems, etc.) to shore up their cyber hygiene and require upgrades including business continuity plans, testing protocols, and data backups. 

cybersecurity and defense

Strengthen financial sector registrants’ cybersecurity hygiene reporting – This would include entities not covered by Regulation SCI like investment companies, investment advisers, and brokers to strengthen their cyber hygiene and incident reporting. 

Strengthen customer information protection for financial sector registrants – This would require those same entities to protect their customer data and PII and notify their customers when their data is accessed. 

Improve cyber risk and event reporting for public companies – This would provide a uniform method for reporting a company’s cybersecurity practices including their governance, risk, and compliance programs. 

Address cybersecurity risk from service providers – In light of the SolarWinds hack, Gensler is looking to require certain public companies to publicly identify any of their service providers that may pose a cybersecurity risk and hold them accountable for their provider’s measures to protect investor information. 

It is unknown when the SEC is looking to make these rule changes, but industry experts think that it will be sooner rather than later. 

What are your thoughts on this?

Do you have any more updated information on this topic that you'd like to share?

What are your thoughts on what the SEC taking on an enforcement role in cybersecurity might look like?

Do you think this is the right or wrong direction for the SEC on this?

If you have thoughts on any of these questions or other relevant and related ones, please leave a comment in the comment section below. Please note to keep our environment clean and free of advertisments of any kind, comments may not include external links, citing company names to promote them, or the like.

Categories: Government, Information Security Management, Policy, Regulations
Tags: , ,

Related Articles

>

Report

Contains content that has been created or is owned by another person or entity, without the permission of that individual or entity for public posting.
Harassment or bullying behavior
Contains content that solicits others to, or is directly an activity that is illegal.
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware
Contains content that are in violation of one or more of the terms and conditions of the Forum's Terms of Use.

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .