The U.S. Securities and Exchange Commission expects firms to be prepared for cybersecurity risks, and act in advance to take “measures to prevent and mitigate damage from these threats”, SEC Commissioner Elad Roisman said. His statements were made,in an October 29 speech
to the Los Angeles County Bar Association about cybersecurity – “a topic that is becoming increasingly important for companies and regulators.”
to the Los Angeles County Bar Association about cybersecurity – “a topic that is becoming increasingly important for companies and regulators.”
While it “is sometimes overlooked,” Roisman stressed firms should know that “today, the threat of a cyber-attack is so constant and significant for every market participant that it should be viewed as a substantial likelihood.” Thus, the SEC will not be satisfied by mere postmortem disclosure. Rather, it will inquire whether its registrants acted in advance to prepare for the attack, and to contain and minimize the attack harms once it was waged.
There is a reason Roisman continues to hammer on this point – it means that for cybersecurity threats, the SEC is stepping out of its traditional role, to focus almost exclusively on firms compliance with their disclosure obligations, and assumes a much broader…
