WASHINGTON, D.C.—Legal Director and Securities Specialist Stephen Hall issued the following statement on the filing of Better Markets’ Comment Letter to the Securities and Exchange Commission (SEC) in response to the agency’s proposed rule to enhance cybersecurity preparedness, disclosure, and resiliency in our financial markets:
“Corporate leaders and regulators all agree that cyberattacks are not only on the rise but virtually inevitable, threatening millions of dollars in losses and recovery costs per incident. Financial firms are especially rich targets for potentially crippling attacks and ransom demands that could wreak havoc in the markets. That’s why this proposal is so important. It will help ensure that a broad range of financial firms can more effectively prevent and respond to cyberattacks. Once finalized, this proposed rule will protect investors, advance financial stability, and instill confidence in our markets, both domestically and internationally.
“The SEC’s proposed rule would require market entities, including broker-dealers, exchanges, and clearing agencies, to establish policies and procedures designed to address their cybersecurity risks and responses. It would also require firms to immediately report significant cybersecurity incidents to the SEC and to publicly disclose those incidents. These transparency measures will enable the SEC, market participants, and investors to better understand the operational, reputational, and financial risks of a cybersecurity attack on market entities performing critical functions. It will also enable the SEC to better assess potential systemic risks affecting financial markets more broadly.
“As we explain in our comment letter, the SEC’s proposal is sound, although it should be strengthened in several ways. It must require stricter board oversight of cybersecurity policies and procedures as well as increased disclosures. That information should include whether a market entity has paid a ransom related to a cybersecurity incident; whether a market entity has a designated Chief Information Security Officer; and whether a market entity has an independent, third-party audit conducted on their cybersecurity policies and procedures. These disclosures would incentivize firms to fortify their policies and procedures and allow other market participants and investors to assess their readiness for an attack.”
Read our full comment letter here.
Better Markets is a non-profit, non-partisan, and independent organization founded in the wake of the 2008 financial crisis to promote the public interest in the financial markets, support the financial reform of Wall Street and make our financial system work for all Americans again. Better Markets works with allies—including many in finance—to promote pro-market, pro-business and pro-growth policies that help build a stronger, safer financial system that protects and promotes Americans’ jobs, savings, retirements and more. To learn more, visit www.bettermarkets.org.