On January 9, the Securities & Exchange Commission (“SEC”) released its National Examination Priorities (“NEP”) for 2014 and once again identified cybersecurity as a heightened risk that the agency intends to scrutinize as part of its mission to protect investors. The NEP identifies technology — specifically, companies’ governance and supervision of IT systems, information security, and response readiness — as one of its most significant initiatives for 2014. The NEP’s Broker-Dealer Exam Program also identifies market access controls related to “information leakage and cyber security” as a core risk on which the agency will focus in the coming year.
We wrote in a previous post about the SEC’s intensifying focus on corporations’ cybersecurity efforts – and on their cybersecurity weaknesses and risks. Cybersecurity has continued to be a focal point for the SEC, especially in the face of mounting Congressional pressure on the agency to demand more transparency from companies about their cybersecurity risks and steps taken to address those risks, and recent reports of cyberattacks against U.S. companies and the massive costs to those companies that result. SEC Chair Mary Jo White noted in a speech to the National Association of Corporate Directors in October that cybersecurity was a “hot topic from many perspectives.” This year’s NEP is the latest sign that corporate cyber risks and incidents will remain in the agency spotlight in 2014.
Continue Reading SEC to Focus on Corporate Cybersecurity Risks in 2014