SEC Returns Spotlight to Cybersecurity Disclosure Enforcement
The SEC has two main independent bases for regulating cybersecurity issues. First, the SEC seeks to ensure transparency and full disclosure in the securities marketplace. It has wielded its regulatory and enforcement power in a manner designed to require all securities issuers - i.e., public companies to disclose material events relating to their cybersecurity programs and vulnerabilities. Second, the SEC’s oversight of broker dealers, investment advisers, and other regulated entities includes a number of requirements for those companies’ controls around assets and data.