A recent article on the modaq.com website makes a clear point on the government’s determination to not only encourage cybersecurity but also penalize those who choose to ignore it. The SEC and the FBI are both sounding the warning for the legal and financial industries.
Specifically, at a February conference in Washington DC, an SEC enforcement official made it clear that the agency “…would continue to pursue cybersecurity enforcement actions related to three main themes: (i) the failure to safeguard confidential information, (ii) the theft of nonpublic information for illegal use in market activities and (iii) the failure by a public company to disclose a cybersecurity-related incident.”
Even more specifically, the agency articulated that companies withholding breach information could face both civil and criminal enforcement actions. The takeaway was clear – the agency expects to monitor a firm’s preparedness both before and after a breach.
Similarly, the FBI announced that it is investigating hackers who targeted several high-profile law firms with the likely intent of stealing confidential, insider-trading-focused information.
As the article points out, “If that wasn’t already clear, the events so far in 2016 should act to remind all firms to regularly review the adequacy of their cybersecurity risk management controls and disclosure policies and practices, with an eye toward preventing, responding to and/or mitigating cyber attacks, including alerting clients to actual breaches and, where appropriate, disclosing potential cybersecurity risks.”
Read the full article here.