SEC proposes new cyber incident reporting rules for financial orgs
The Securities and Exchange Commission (SEC) proposed new cybersecurity rules for a range of financial organizations that would force them to report incidents within 48 hours of detection and implement certain security policies.
The new rules would also make it mandatory for some financial institutions to annually test and review the effectiveness of their cybersecurity policies and procedures.
“The nature, scale, and impact of cybersecurity risks have grown significantly in recent decades,” said SEC Chair Gary Gensler. “Investors, issuers, and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age. This proposal would help promote every part of our mission, particularly regarding investor protection and orderly markets.”
The rules would cover broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents.
/https://public-media.si-cdn.com/filer/b8/cb/b8cbe79b-97c7-4175-bb3c-a3286a641224/grissom.jpg)
