Mr. Clayton added that the SEC has worked to enhance its cybersecurity defenses in the wake of the hack, turning to other government agencies and outside consultants to “bolster our cybersecurity defenses and reduce our cyber risk profile.”
The fallout from the hack has changed the SEC’s approach to cybersecurity both for the SEC itself and for the companies it regulates, said John Reed Stark, a cybersecurity consultant and former SEC enforcement attorney. He said the agency has shifted from blaming breaches on the affected firms, and instead is emphasizing the importance of internal controls, training for employees and getting senior management involved as soon as possible after an attack is detected—a focus he attributes to the SEC’s own top-down reorganization following the Edgar hack.
Join Us On LinkedIn
Join the Cybersecurity and Incident Response Group on LinkedIn