Securities and Exchange Commission Chair Gary Gensler is emphasizing the need for the financial sector to strengthen its protections against cyberattacks, according to a report by ThinkAdvisor.
Gensler’s remarks came in a speech on cybersecurity and securities laws, delivered Monday to the Northwestern Pritzker School of Law’s 2022 Securities Regulation Institute. He outlined the SEC’s proposals for advisors and broker-dealers to upgrade what he called their “cyber hygiene.”
Gensler said he would ask SEC staff to make recommendations pertaining to companies’ cybersecurity practices and cyber risk disclosures, including how to update companies’ disclosures to investors when cyber events have occurred.
Another area of focus for the commission is expanding its Regulation Systems Compliance and Integrity rule, known as Reg SCI, which requires firms to have cybersecurity testing protocols, backups of data and continuity plans in place in case of a data breach. The rule currently applies to stock exchanges, clearinghouses, alternative trading systems, and self-regulatory organizations.
“A lot has changed, though, in the eight years since the SEC adopted Reg SCI,” said Gensler. “Thus, I’ve asked staff how we might broaden and deepen this rule. For example, might we consider applying Reg SCI to other large, significant entities it doesn’t currently cover, such as the largest market-makers and broker-dealers?”
He added that the SEC is looking for ways to modernize and expand Regulation S-P, which requires registered broker-dealers, investment companies, and investment advisers to protect customer records and information.
Gensler said the financial sector has become a target of cyberattacks that put investors’ financial accounts, savings, and private information at risk.
“The economic cost of cyberattacks is estimated to be at least in the billions, and possibly in the trillions, of dollars,” Gensler said. “We at the SEC are working to improve the overall cybersecurity posture and resiliency of the financial sector.”
He said the SEC was considering requirements to identify service providers that might pose cybersecurity risks, and added that the SEC itself is continuing to work to protect its own data and information technology as well as industry data.
The securities investigations attorneys at Lewitas Hyman were formerly senior attorneys in the SEC’s Division of Enforcement and have represented clients in regulatory matters while working at Morgan Stanley and in private practice at some of the world’s largest law firms. Therefore, we understand the complexities that come with being the subject of a regulatory inquiry, and we have the experience to guide and advise you through any type of regulatory investigation. If you are the subject of a regulatory proceeding, contact us at (312) 291-4600 or through our online contact form for a free consultation.