For years the Securities and Exchange Commission (SEC) had a tougher bark than bite but decided that in 2016 they were going to crack down when it comes to cyber security. RT Jones Capital Equities, a small regional investment company experienced a cyber attack from China that took 100,000 of their clients’ information, according to an article on the Financial Times. Since the SEC had earlier stated that investment bankers and broker-dealers should prepare for cyber defenses, they were disappointed to hear of this cyber attack.
The SEC decided to list complaints about RT Jones’ failure to implement cyber defenses, which included not conducting periodic risk assessments, not encrypting sensitive data, and not having a breach assessment ready in case of an attack. Andrew Donohue, the SEC chief of staff, had warned that his agency would pass enforcement actions against the companies’ chief compliance officers for looking the other way when addressing important compliance concerns.
The SEC is becoming stricter to prevent cyber attacks from happening. Companies need to not only look out for cyber attacks but also the SEC, when not setting up defense mechanisms.