SEC’s breach notification proposal one step closer to a final vote

The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,”  SEC Chairman Gary Gensler said at the agency’s open meeting. Most critically, the new rule would require confidential reports of any “significant” cybersecurity incidents to the SEC within 48 hours. The proposal also would require advisers and funds to adopt, at a minimum, cybersecurity protections including a risk assessment; user security and access controls; information protection and monitoring to protect systems from unauthorized use; and an annual written review of cybersecurity risks and policies. The report would require review by a board of directors. Commissioners said they want more […]

The post SEC’s breach notification proposal one step closer to a final vote appeared first on CyberScoop.

Continue reading SEC’s breach notification proposal one step closer to a final vote

SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector

U.S. Securities and Exchange Commission Chairman Gary Gensler is exploring an expansion of the SEC’s core cybersecurity rules to cover a broader swath of entities and require public companies to improve disclosure of breaches and risks. Gensler said in a speech on Monday that he instructed staff to look into an update of the commission’s “Regulation Systems Compliance and Integrity,” or Reg SCI, which the SEC adopted in 2014. Staff will examine whether the regulation — under which trading organizations and others must take security steps like backing up data — should extend to include the largest market-makers and broker-dealers. Gensler also said he asked staff to consider recommendations on bolstering the financial sector’s cybersecurity hygiene and incident reporting, how customers and clients receive notifications of financial sector breaches and how public companies disclose cybersecurity practices and risks. And he wants staff to examine how to better address cyber risk […]

The post SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector appeared first on CyberScoop.

Continue reading SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector

SEC settles with First American over massive data leak for nearly $500,000

The Securities and Exchange Commission announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images. Under the terms of the deal, the heavyweight real estate title insurance company will pay a $487,616 fine. The SEC had charged the company with inadequately disclosing the cybersecurity vulnerability that exposed the information. The digitized records included things like Social Security numbers and bank account statements. First American first made public statements about the vulnerability in May 2019 but the company’s information security personnel had first spotted it in January, and according to the SEC they didn’t fix it and failed to notify company brass. “As a result of First American’s deficient disclosure controls, senior management was completely unaware of this vulnerability and the company’s failure to remediate it,” said Kristina Littman, chief of the SEC Enforcement […]

The post SEC settles with First American over massive data leak for nearly $500,000 appeared first on CyberScoop.

Continue reading SEC settles with First American over massive data leak for nearly $500,000