SEC Looks to Bolster Market’s Cyber Defenses

WASHINGTON—The Securities and Exchange Commission is exploring ways to improve cybersecurity in capital markets, including by extending compliance obligations to companies that currently don’t have to meet them, Chairman Gary Gensler said Monday.

“The economic cost of cyberattacks is estimated to be at least in the billions, and possibly in the trillions, of dollars,” Mr. Gensler said in a virtual speech to the Northwestern Pritzker School of Law’s annual Securities Regulation Institute conference. “We at the SEC are working to improve the overall cybersecurity posture and resiliency of the financial sector.”

Mr. Gensler said the agency is considering extending a rule known as Regulation Systems Compliance and Integrity, or Reg SCI, to large financial firms it doesn’t currently cover, such as market makers and broker-dealers.

The rule, which currently applies to stock exchanges, clearinghouses and similar entities, requires firms to conduct testing for cybersecurity issues, back up their data and have business-continuity plans in the event of a breach.

At a meeting of SEC commissioners Wednesday, officials plan to propose extending Reg SCI to trading platforms that match buyers and sellers of Treasury securities, Mr. Gensler said.

Regulators have recently stepped up scrutiny of how companies respond to attacks by hackers.

Mr. Gensler reiterated Monday that publicly traded companies might have an obligation to disclose ransomware incidents that result in payments or data breaches that expose client information.

Kenneth Bentsen, president of the Securities Industry and Financial Markets Association, said he welcomed Mr. Gensler’s remarks, adding that cybersecurity is already a top priority for the financial industry.

“To say whether policy makers need to adopt new rules or not, I don’t know, but I think what you have to look at first is everything that’s going on right now across the industry,” Mr. Bentsen said. “You have to constantly be updating. And it’s got to be very much collaborative between the regulated and the regulators.”

The SEC chairman said he also has directed staff to look into updating the timing and substance of the notifications that brokers, fund managers and investment advisers are required to send clients when their data have been accessed in a cyber incident.

In addition, the SEC is examining ways to raise cybersecurity standards for service providers—such as index providers, custodians, investor-reporting systems and others—that aren’t directly covered by current regulations, Mr. Gensler said.

Possible measures include requiring SEC-registered firms to identify service providers that could pose risks or holding firms accountable for their service providers’ cybersecurity measures.

“This could help ensure important investor protections are not lost and key services are not disrupted as financial-sector registrants increasingly rely on outsourced services,” Mr. Gensler said.

Ransomware attacks are increasing in frequency, victim losses are skyrocketing, and hackers are shifting their targets. WSJ’s Dustin Volz explains why these attacks are on the rise and what the U.S. can do to fight them. Photo illustration: Laura Kammermann

Write to Paul Kiernan at [email protected]

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.