Better Markets filed a comment letter with the Securities and Exchange Commission in response to the proposed rule to enhance cybersecurity preparedness, disclosure, and resiliency in our financial markets.
Why It Matters. Corporate leaders and regulators all agree that cyberattacks are not only on the rise but virtually inevitable, threatening millions of dollars in losses and recovery costs per incident. Financial firms are especially rich targets for potentially crippling attacks and ransom demands that could wreak havoc in the markets. The SEC’s proposed rule would require market entities, including broker-dealers, exchanges, and clearing agencies, to establish policies and procedures designed to address their cybersecurity risks and responses. It would also require firms to immediately report significant cybersecurity incidents to the SEC and to publicly disclose those incidents.
What We Said. The SEC’s proposal is sound, although it should be strengthened in several ways. It must require stricter board oversight of cybersecurity policies and procedures as well as increased disclosures. The additional disclosures should include whether a market entity has paid a ransom related to a cybersecurity incident; whether a market entity has a designated Chief Information Security Officer; and whether a market entity has an independent, third-party audit conducted on its cybersecurity policies and procedures. These disclosures would incentivize firms to fortify their policies and procedures and allow other market participants and investors to assess their readiness for an attack.
Bottom Line. This proposal will help ensure that a broad range of financial firms can more effectively prevent and respond to cyberattacks. Once finalized, this proposed rule will protect investors, advance financial stability, and instill confidence in our markets, both domestically and internationally.