Cybersecurity Risks are Substantial, Says SEC Chief

The chairman of the Securities and Exchange Commission has urged Wall Street to educate everyday investors on the ‘substantial risk’ of cybersecurity threats.

Newly appointed SEC chairman Jay Clayton was speaking at a panel discussion at New York University’s School of Law on Tuesday when he revealed his take on the state of cybersecurity and the threat hackers pose to investors.

He stated:

“I am not comfortable that the American investing public understands the substantial risk that we face systemically from cyber issues and I would like to see better disclosure around that.”

The SEC has previously been called on by cybersecurity experts to mandate specific disclosures by US public sector companies about cyber-risks and attacks, particularly in the aftermath of the 2013 Target breach. A noteworthy, infamous data breach, the Target cyberattack compromised the credit and debit card details of millions of customers. An SEC investigation into the breach determined that Target failed to provide reasonable data security for consumers. Ultimately, Target agreed to pay a substantial $18.5 million fine to resolve the SEC probe.

Clayton further confirmed that the SEC would investigate companies that misled investors about any potential cyber-risks. Still, the chairman added that the battle against hackers shouldn’t be confined to government silos and ought to be a wider effort.

“We have to have our individual responsibilities, but we also have to do our best to foster a collective approach to the issue,” Clayton said.

One particular concern, as pointed out by the SEC’s enforcement division co-director Stephanie Avakian, is the rising trend of information theft and data breaches by hackers seeking to gain some sort of market advantage.

While the SEC has occasionally taken action against financial firms for leaving customers’ details unsecured, it has gone after malicious hackers and individuals who broke into press agencies, newswires and brokerage accounts to carry out insider trading or other related fraud. However, it has yet to sue a publicly listed company over how it communicated a cyberattack or data breach suffered at the hands of malicious actors.
