SEC prioritises cybersecurity
Thursday, 13 March 2014 12:40pm

Speculation is growing in the US that the financial regulator will impose uniform cybersecurity standards across firms operating in the financial system.

Awareness of cybersecurity as a systemic threat has risen following the realisation that the financial system, and Wall Street in particular, is in essence just a data and transaction network.

The growing use of the internet as the hosting environment among institutions and now among consumers, and the proliferation of devices used to access this environment, reinforce this. Forrester Research released a report last week that predicted that within three years 80% of people in the US will use online banking and almost half will use mobile banking.

Nevertheless, there is a view that cybersecurity is an issue primarily for large firms, but the Securities and Exchange Commission (SEC) has signalled that it's equally important for small firms because every point of access to the financial system network has to be protected.

However, Jane Jarcho, chief of the SEC Adviser and Investment Company Examination Program, said the SEC won't be issuing rules-based specific requirements but principles it expects market participants to follow, reported the US news service Financial Advisor.

"Small securities firms won't get a pass on cyber security rules," she said.

Cybersecurity awareness has grown as an issue following US senator Jay Rockefeller, who is chair of the Senate Commerce committee, writing to the SEC a year ago warning that "investors deserve to know whether companies are effectively addressing their cybersecurity risks - just as investors should know whether companies are managing their financial and operational risks".

John Mutch, CEO of BeyondTrust, a security and compliance solutions specialist, wrote in Forbes magazine that cybersecurity requires an 'all or nothing' approach.

Manual processes are also no defence, he said, because they are too ad hoc and risk prone. The irony is that automated processes can be systemically protected, while unstructured ad hoc processes can't be easily safeguarded, he explained.
