January 17, 2016
As 2015 drew to a close, the Securities and Exchange Commission talked tough on cyber security.
On top of the ever-growing drumbeat of business and headline risk and a series of bold public statements warning that lax cyber security would not be tolerated, The US regulator censured a small regional investment company, RT Jones Capital Equities, after a cyber attack from China exposed information on 100,000 brokerage clients.
For years, the SEC has offered more bark than bite on cyber security, pairing a tough public stance with a lighter regulatory touch. But last year the divide between the SEC’s words and action narrowed. The hardline approach to RT Jones signalled a newfound willingness to step up enforcement efforts to police the data security of investment companies.
It also sent a clear message about the agency’s expectations for 2016: investment advisers and broker-dealers must get their cyber defences in order before the hackers strike.
By emphasising the need to have planning in place, the SEC is signalling that prevention is the centrepiece of its cyber-security enforcement agenda this year.