Today, the Securities and Exchange Commission (SEC) chairman, Jay Clayton, issued a statement, highlighting the value of cyber security to market participants and the agency, specifying the agency’s approach to cyber security as a regulatory body and organisation.
As part of an on-going assessment of SEC’s cyber security risk profile, the statement includes the creation of a senior level cyber security-working group, to coordinate information sharing risk monitoring and incident response efforts throughout the agency.
Last month, the commission found an incident previously detected in 2016; a software vulnerability in the test-filing component of the commission’s EDGAR system, which was patched promptly after discovery, which resulted in access to non-public information.
SEC chairman, Jay Clayton, said: “Cyber security is critical to the operations of our markets and the risks are significant and, in many cases, systemic.”
‘Key component of cyber risk management is resilience’
The statement also provides an overview of the commission’s use of data, and discusses key cyber issues faced by the agency.
“We must be vigilant. We also must recognise—in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery,” added Clayton.
An internal investigation was commenced immediately at the direction of the chairman, and it is believed the intrusion did not result in unauthorised access to personally identifiable information or result in systemic risk.
Clayton also noted by promoting effective cyber security practices in connection with both commission’s internal operations and external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognises and addresses cyber security risks.
Written from press release by Leah Alger