The SEC's Role in Cybersecurity Regulations

Compliance Hub

Jul 20, 2023 — 2 min read

The Securities and Exchange Commission (SEC) plays a crucial role in the realm of cybersecurity, particularly in the financial sector. As markets become increasingly global and complex, so too do the threats posed by cyber intrusions, denial of service attacks, manipulation, misuse by insiders, and other forms of cyber misconduct. In the United States, aspects of cybersecurity fall under the responsibilities of multiple government agencies, including the SEC. Cybersecurity is also a responsibility of every market participant, and the SEC is committed to working with federal and local partners, market participants, and others to monitor developments and effectively respond to cyber threats.

Cybersecurity Update: CISA's Recommendations

The Cybersecurity and Infrastructure Security Agency (CISA) recommends all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. The recommended actions include reducing the likelihood of a damaging cyber intrusion, taking steps to quickly detect a potential intrusion, ensuring that the organization is prepared to respond if an intrusion occurs, and maximizing the organization's resilience to a destructive cyber incident.

SEC's Resources and Guidance

The SEC provides valuable guidance to help broker-dealers, investment advisers, investment companies, exchanges, and other market participants protect their customers from cyber threats. The agency also keeps a watchful eye over market participants, making cybersecurity a priority of its National Exam Program.

The SEC uses its civil law authority to bring cyber-related enforcement actions that protect investors, hold bad actors accountable, and deter future wrongdoing. The Division of Enforcement’s Cyber Unit, established in September 2017, has substantial cyber-related expertise. The Cyber Unit focuses on violations involving digital assets, initial coin offerings and cryptocurrencies; cybersecurity controls at regulated entities; issuer disclosures of cybersecurity incidents and risks; trading on the basis of hacked nonpublic information; and cyber-related manipulations, such as brokerage account takeovers and market manipulations using electronic and social media platforms.

SEC's Role in Investor Protection

Investors increasingly rely on the internet to open investment accounts, check up on their holdings, and make securities transactions. The SEC provides valuable guidance, including an Investor Alert and Investor Bulletin, to help investors protect themselves from cyber threats.

Conclusion

The SEC plays a pivotal role in the cybersecurity landscape, particularly in the financial sector. Through its guidance, oversight, and enforcement actions, the SEC helps protect investors and market participants from cyber threats. As cyber threats continue to evolve, the SEC's role in cybersecurity will remain critical.

NCA Leads International Operation to Degrade Illegal Versions of Cobalt Strike

Introduction The National Crime Agency (NCA) has spearheaded an extensive international operation aimed at dismantling the illegal use of Cobalt Strike, a legitimate cybersecurity tool often misused by cybercriminals. This operation, involving cooperation with multiple law enforcement agencies worldwide, represents a significant step in the fight against cybercrime. This article

Tutorial: Staying Ahead of Website Best Practices to Avoid Lawsuits

Introduction In the rapidly evolving digital landscape, adhering to best practices for website management is crucial to avoid legal pitfalls. This tutorial outlines the steps businesses can take to ensure compliance with global privacy regulations and protect themselves from potential lawsuits. Step 1: Understand Relevant Regulations Key Regulations to Consider:

Legislation and Compliance: Updates on New Laws and Regulations Affecting IoT Security

As the Internet of Things (IoT) continues to expand, governments and regulatory bodies worldwide are increasingly focusing on enhancing security standards to protect users and infrastructure. This article provides an in-depth overview of recent legislative updates and compliance requirements affecting IoT security. Emerging IoT Threats in 2024: A Comprehensive UpdateThe

In-Depth Synopsis: Global Adoption of Cybersecurity, Data Privacy, and AI Regulations in 2024

Introduction The landscape of cybersecurity, data privacy, and AI regulation has been rapidly evolving to address the growing complexity and frequency of cyber threats, the expanding volume of personal data being processed, and the transformative impacts of artificial intelligence. In 2024, significant advancements and adaptations have been made worldwide to