“Cybersecurity efforts must include, in addition to assessment, prevention and mitigation, resilience and recovery.” – SEC Chairman Jay Clayton
U.S. Securities and Exchange Commission (SEC) Chairman Jay Clayton highlighted the SEC's approach to managing cybersecurity risks after the agency discovered in August 2017 that the 2016 breach of its EDGAR system may have disclosed non-public information that was potentially used for insider trading.
A software vulnerability in the test filing component of EDGAR (short for Electronic Data Gathering, Analysis and Retrieval), which registered companies use to file statements and reports, contributed to the breach, the SEC said.
“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk,” said SEC Chairman Jay Clayton. “Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.”
Clayton added that the SEC patched the vulnerability immediately after the intrusion was discovered, and that the regulator is a frequent target of attacks by unauthorized actors seeking to disrupt access to its public-facing systems, access data or cause damage to its technology infrastructure.
A Bloomberg report said that if the breaches continue and the SEC is underfunded and ill-prepared to fix them, it could undermine “company and investor confidence in the agency. That might threaten the regulator’s ability to provide a bedrock principle of the U.S. financial system: market transparency.”