U.S. Senate Asks SEC To Update Cyberattack Protocols

The U.S. Securities and Exchange Commission (SEC) announced it is launching two enforcement initiatives to boost efforts to address cyber threats and protect retail investors.

The move comes in the wake of the massive Equaifax hack, which exposed the personal data of 143 million Americans. The SEC suffered its own breach of its corporate filing database.

“The creation of a cyber unit that will focus on targeting cyber-related misconduct – and the establishment of a retail strategy task force that will implement initiatives that directly affect retail investors – reflect SEC Chairman Jay Clayton’s priorities in these important areas,” the agency said in a statement, according to Reuters.

The news comes on the same day Reuters reported that a group of senators sent a request to the SEC, asking it to review and possibly update its rules governing when public companies should disclose cyber breaches. Equifax has come under fire for how long it took the company to make the breach public, as well as failing to report a separate cybersecurity incident in March.

“Given your statements, the Equifax breach as well as the increased threat posed by cyber breaches and attacks, we ask you to have the SEC’s staff review whether the 2011 guidance … regarding disclosure obligations relating to cybersecurity risks and cyber incidents should be updated,” the committee asked Clayton in the letter.

The current SEC rules, which require listed companies to disclose breaches if they are material, have been criticized by lawyers and investors as too vague. In fact, global investor group Investment Company Institute told Reuters on Friday that disclosure rules for both companies and public sector bodies need to be stricter.

As for the SEC, Chair Jay Clayton – who has said he considers cyber security to be a top priority for the agency – will be questioned by senators this week over how hackers were able to access non-public information in its EDGAR database in 2016.