This publication and the abstract below was published by U.S. Securities and Exchange Commission : Statement on Cybersecurity on Sept. 20, 2017. ICIT strongly encourages you to visit the U.S. Securities and Exchange Commission Publication Library to search for additional information security resources which are freely available.
U.S. Securities and Exchange Commission : Statement on Cybersecurity
Data collection, storage, analysis, availability and protection (including security, validation and recovery) have become fundamental to the function and performance of our capital markets, the individuals and entities that participate in those markets, and the U.S. Securities and Exchange Commission (“Commission” or “SEC”). As a result of these and other developments, the scope and severity of risks that cyber threats present have increased dramatically, and constant vigilance is required to protect against intrusions. The Commission is focused on identifying and managing cybersecurity risks and ensuring that market participants – including issuers, intermediaries, investors and government authorities – are actively and effectively engaged in this effort and are appropriately informing investors and other market participants of these risks.
I recognize that even the most diligent cybersecurity efforts will not address all cyber risks that enterprises face. That stark reality makes adequate disclosure no less important. Malicious attacks and intrusion efforts are continuous and evolving, and in certain cases they have been successful at the most robust institutions and at the SEC itself. Cybersecurity efforts must include, in addition to assessment, prevention and mitigation, resilience and recovery.