Search the Site

SEC Rolls Out Cyberbreach Enforcement Initiative as Clayton Answers Senate Inquiry

Closely on the heels of the massive Equifax data breach and its own cybersecurity incident – in which SEC Chairman Jay Clayton admitted that the agency’s hack likely provided the basis for illicit gains through trading – the SEC has announced two separate enforcement initiatives to build on its existing enforcement division.

First, the creation of an SEC cyber unit will target “cyber-related misconduct,” and second, a retail strategy task force will implement initiatives that directly affect retail investors.

The SEC’s announcement came one day before Clayton was scheduled to testify before a Senate panel, in which he told elected officials that he learned of the data breach at the agency “belatedly” and that it could still take quite a bit of time before the full extent of the intrusion is understood.

The federal agency’s newly formed cyber unit has apparently been in the planning stages for months, intended to complement the incoming chairman’s initiatives to create a “cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency,” SEC officials said.

The division’s expertise has sought to keep pace with the current cyber-climate, but co-director of the SEC’s enforcement division, Stephanie Avakian echoed in her statement, “The cyber unit will enhance our ability to detect and investigate cyber threats through increasing expertise in an area of critical national importance.” Robert Cohen has been appointed chief of the cyber unit – reassigned from his role as co-chief of the market abuse unit.

During his Senate testimony – Clayton’s first time before the Senate Banking Committee since taking office in May 2017 – several U.S. senators pressed the chairman to abide by the same, if not higher, standards as the companies he regulates.

“When we learn a year after the fact that the SEC had its own breach and that it likely led to illegal stock trades, it raises questions about why the SEC seems to have swept this under the rug,” asked Ohio Sen. Sherrod Brown, according to The Washington Post. “What else are we not being told, what other information is at risk, and what are the consequences?”

Clayton aptly answered by asserting that reporting a vulnerability before fully understanding it can lead others to “try to test and probe it.” However, this answer my draw attention back to the fact that Equifax intrusion came on the back of a months-old, and already patched, vulnerability.

Facing pressure from the company’s board in the wake of the massive breach, Equifax CEO Richard Smith announced his departure from the company in the form of an “early retirement”– in which he could walk away with at least $18 million in pension benefits.

Related Articles

Airbnb Opens its Doors to Stakeholders

Poke around on the website and it becomes clear that Airbnb fancies itself a different kind of company. The room-sharing and travel service touts itse...

CEO Dismissals Reflect Diverging Approaches to Transparency

What does it mean for a CEO to exercise “conduct inconsistent with a non-financial company policy”? If your eyes glazed over at that euphemistic l...

Reg BI Headlines Four Securities Enforcement Priorities for 2020

It’s January, and around Washington, D.C., that means it’s time for government agencies to declare their priorities for the coming year. They’re...