Search the Site

SEC Rolls Out Cyberbreach Enforcement Initiative as Clayton Answers Senate Inquiry

Closely on the heels of the massive Equifax data breach and its own cybersecurity incident – in which SEC Chairman Jay Clayton admitted that the agency’s hack likely provided the basis for illicit gains through trading – the SEC has announced two separate enforcement initiatives to build on its existing enforcement division.

First, the creation of an SEC cyber unit will target “cyber-related misconduct,” and second, a retail strategy task force will implement initiatives that directly affect retail investors.

The SEC’s announcement came one day before Clayton was scheduled to testify before a Senate panel, in which he told elected officials that he learned of the data breach at the agency “belatedly” and that it could still take quite a bit of time before the full extent of the intrusion is understood.

The federal agency’s newly formed cyber unit has apparently been in the planning stages for months, intended to complement the incoming chairman’s initiatives to create a “cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency,” SEC officials said.

The division’s expertise has sought to keep pace with the current cyber-climate, but co-director of the SEC’s enforcement division, Stephanie Avakian echoed in her statement, “The cyber unit will enhance our ability to detect and investigate cyber threats through increasing expertise in an area of critical national importance.” Robert Cohen has been appointed chief of the cyber unit – reassigned from his role as co-chief of the market abuse unit.

During his Senate testimony – Clayton’s first time before the Senate Banking Committee since taking office in May 2017 – several U.S. senators pressed the chairman to abide by the same, if not higher, standards as the companies he regulates.

“When we learn a year after the fact that the SEC had its own breach and that it likely led to illegal stock trades, it raises questions about why the SEC seems to have swept this under the rug,” asked Ohio Sen. Sherrod Brown, according to The Washington Post. “What else are we not being told, what other information is at risk, and what are the consequences?”

Clayton aptly answered by asserting that reporting a vulnerability before fully understanding it can lead others to “try to test and probe it.” However, this answer my draw attention back to the fact that Equifax intrusion came on the back of a months-old, and already patched, vulnerability.

Facing pressure from the company’s board in the wake of the massive breach, Equifax CEO Richard Smith announced his departure from the company in the form of an “early retirement”– in which he could walk away with at least $18 million in pension benefits.

Related Articles

The GDPR Story Begins

We’ve been waiting years for its arrival, holding our breath in nervous anticipation—and finally, on May 25, the world will experience it. But eno...

U.S. Cannabis Law Opens Door to Canadian Invasion

Federal law makes the possession and sale of marijuana illegal throughout the United States. As we’ve long known, this federal policy keeps American...

Retailers Adjust to the Amazon Effect

When founder Jeff Bezos introduced Amazon.com to the world more than 20 years ago, it was supposed to signal the demise of the bookstore. The threa...