Facing increased breaches on its systems and among its members, the Securities and Exchange Commission (SEC) is considering how it will better handle cyber threats.
The SEC proposed new amendments in March to govern how investment firms and public companies under its purview should improve upon their IT security management and incident reporting.
“Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs,” said SEC Chair Gary Gensler in a March release.
“Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks,” Gensler said. “A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.”
SEC gets tough on identity programs and incident reporting
In…
