The importance of cybersecurity to combat the risks of cyberattacks were highlighted in a new report by the Securities and Exchange Commission.
“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” SEC Chairman Jay Clayton said. “We must be vigilant. We also must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”
The report featured a discussion of an intrusion that occurred in 2016 of the SEC’s EDGAR test filing system. In August 2017, the commission learned that an incident may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk. An internal investigation was commenced immediately at the direction of Clayton.
The report is part of an ongoing assessment of the SEC’s cybersecurity risk profile that Clayton initiated upon taking office in May. Components of this initiative have included the creation of a senior-level cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency.
“By promoting effective cybersecurity practices in connection with both the commission’s internal operations and its external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognizes and addresses cybersecurity risks and, in circumstances in which these risks materialize, exhibits strong mitigation and resiliency,” Clayton said.