On Friday, in remarks before the
L.A. County Bar Association, SEC Commissioner Elad Roisman
addressed some of the challenges associated with cybersecurity,
cyber breaches and similar events. In his presentation, Roisman
considers cybersecurity in a variety of contexts, such as the
exchanges, investment advisers and broker-dealers, but his
discussion of cybersecurity in the context of public companies is
of most interest here. Although the SEC has imposed some
principles-based requirements and issued guidance about
cybersecurity disclosure, Roisman believes that there is more in
the way of guidance and even rulemaking that the SEC should
consider “to ensure that companies understand [the SEC’s]
expectations and investors get the benefit of increased disclosure
and protections by companies.”

Cyber threats cover a broad territory, Roisman explains: they
may involve “simple account intrusions that seek to steal
assets from an investor’s or customer’s accounts;
ransomware attacks that seek to disable business operations in
order to extract payments; and even acts of ‘hacktivism’
that disrupt services to make a political point. Cyber events
can often be hard…