Intercontinental Exchange and nine affiliates agreed to pay $10 million for allegedly failing to inform the Securities and Exchange Commission of a cyber intrusion as required by Regulation Systems Compliance and Integrity.
Cybersecurity
Posted inRisk Management
SEC official clarifies material incident reporting under new cyber rule
Erik Gerding, director of the Securities and Exchange Commission’s Division of Corporation Finance, issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.
Posted inRegulatory Enforcement
EPA warns of increased cybersecurity scrutiny toward water systems
The Environmental Protection Agency is increasing its inspections of public drinking water systems after finding a majority of those reviewed were vulnerable to cyberattacks and related threats.
Posted inData Privacy
California privacy reg seeking more input on new rules
Businesses will receive additional time to weigh in on proposed regulations by the California Privacy Protection Agency regarding risk assessments, cybersecurity audits, automated decision-making, and data broker registration before they’re potentially finalized later this year.
Posted inFinancial Services
SEC amends Reg S-P to require data breach notification within 30 days
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
Posted inRisk Management
NYDFS offers cyber rule compliance template for small businesses
The New York State Department of Financial Services issued guidance for small businesses attempting to comply with its cybersecurity regulations.
Posted inRisk Management
Survey: Public companies fear added cyber risks from SEC disclosures
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
Posted inRisk Management
Report: Human error driving growing number of data breaches
Verizon’s annual data breach report shows trends in cybersecurity incidents, including more ransomware and extortion attacks last year.
Posted inRisk Management
Federal banking regulators issue TPRM guidance for community banks
The Federal Deposit Insurance Corporation, Federal Reserve Board, and Office of the Comptroller of the Currency combined to provide guidance on third-party risk management focused on the unique risks faced by community banks in their third-party relationships.
Provided by
SEC doubles down on cyber risk management accountability
To help investors gain a better understanding of cyber risk, the US Securities and Exchange Commission (SEC) has created sweeping new rules—forcing companies to take a more proactive approach to cybersecurity.
