From: Corporate Counsel
In recent years, the Securities and Exchange Commission (SEC) has prioritized the regulation, monitoring, and enforcement of cybersecurity activities. On Sept, 25, the SEC reinforced its commitment to cybersecurity when the Enforcement Division announced the formation of a “Cyber Unit” that will target cyber-related misconduct affecting the securities markets.
In recent years, the Securities and Exchange Commission (SEC) has prioritized the regulation, monitoring, and enforcement of cybersecurity activities. On Sept, 25, the SEC reinforced its commitment to cybersecurity when the Enforcement Division announced the formation of a “Cyber Unit” that will target cyber-related misconduct affecting the securities markets. In the press release announcing the new unit, the SEC specified the following six types of misconduct:
- Market manipulation by spreading false information
- Hacking to obtain material nonpublic information for insider trading
- Misconduct related to distributed ledger technology and initial coin offerings
- Misconduct perpetrated using the dark web
- Hacking into retail brokerage accounts
- Hacking into trading platforms
The wrongdoing targets only hackers and outside threats, and fails to mention cyber-related enforcement against registered entities or public companies. But make no mistake: the creation of the Cyber Unit does not signal a shift in policy toward viewing companies only as victims of hacks and system breaches. The Cyber Unit’s other cyber-related enforcement priorities, although unstated in the SEC’s press release, are geared directly to registered-entities and public companies; namely, the failure of registered entities to safeguard information or ensure system integrity, and the failure of public companies to disclose cyber-related incidents or data breaches.
Leave a Reply