US SEC Tightens Its Focus On Companies’ Cyber Deficiencies
In an unprecedented trend, the US SEC regulator has taken punitive action against a number of investment and wealth management firms for failures in their cybersecurity this week.
This follows closely in the wake of the charges it took in mid Aug-2021 against Pearson, a London-based public company that provides educational publishing and other services to schools and universities. In that particular case, Pearson agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber intrusion involving the theft of millions of student records, including dates of births and email addresses, and had inadequate disclosure controls and procedures.
In this latest move, the Securities and Exchange Commission sanctioned eight firms in three actions for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm. The eight firms have agreed to settle the charges.