Information Security News mailing list archives

The SEC and Cybersecurity Regulation


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Nov 2018 10:14:10 +0000 (UTC)

https://www.lawfareblog.com/sec-and-cybersecurity-regulation

By Nathaniel Sobel
Lawfare
November 19, 2018

American companies are getting hacked, and the Securities and Exchange Commission wants corporate executives to do something about it. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. The report acknowledged a widely recognized root of the problem: "[C]yberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment."

But despite outrage and hearings in Congress after major breaches, like the Equifax hack disclosed last year, Congress has not passed new legislation. There is no current central federal mandate that offers protections for personal data. Instead, as a legal treatise puts it, the U.S. "has a patchwork system of federal and state laws and regulations that can sometimes overlap, dovetail and contradict one another."

It's in that context that the Securities and Exchange Commission (SEC) has, under its authority of enforcing the federal securities laws, steadily increased its regulation of cybersecurity-related matters. A top SEC official said last year that: "The greatest threat to our markets right now is the cyber threat." And SEC Chairman Jay Clayton told the Senate Banking Committee that in regard to cyber attacks, companies "should be disclosing more" and that there should be "better disclosure about their risk portfolios and sooner disclosures about intrusions." In another statement, Clayton announced:

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_

