SEC: Investors Need Better Cybersecurity Disclosures

The Securities and Exchange Commission’s Commissioner has revealed that when it comes to cybersecurity, investors are not getting the disclosures they need.

“Let’s give them some information for starters (and promptly),” Robert Jackson, Jr. told the annual meeting of the Society for Corporate Governance in Washington, D.C., according to Forbes.

While Jackson isn’t sure what additional cybersecurity information investors need, he does know that information should be given to investors quickly. However, Jackson acknowledged that it is difficult to know what disclosure best practices should be.

“Exactly what companies should say, I am open,” Jackson told the corporate governance executives and consultants.

One thing he is certain of: Cybersecurity needs to be a top priority.

“Cybersecurity is the most important corporate governance issue we face. There is no greater threat to businesses than cyber attacks,” Jackson said.

In addition, SEC Chair Jay Clayton is calling for more money from Congress to protect itself against “advanced” and “persistent” cyber threats.

“It is critical that investors be informed about the dependence of our economy on the storage, transmission and protection of data and the related material threats that issuers, market participants and our markets themselves face,” Clayton explained to the House Financial Services Committee.

Clayton is expected to ask for a modest budget increase for 2019, to $1.658 billion from 2018’s $1.652 billion. The additional funds would enable the SEC to lift its two-year hiring freeze to staff a new cyber unit and fund the appointment of a new chief risk officer to focus on cyber threats.

Last year, Steven Peikin and Stephanie Avakian were appointed new co-directors of enforcement at the SEC, both very concerned with cyberattacks on brokerage firms. “The greatest threat to our markets right now is the cyber threat,” said Peikin. “That crosses not just this building, but all over the country.”