SEC Looks to Tighten its Grip on Cybersecurity Measures

Savage Villoch Law, PLLC

In light of the ever-expanding role of digital technology in daily life, along with a string of recent high-profile cyberattacks, it is fitting that the Securities and Exchange Commission (“SEC”) has included cybersecurity risks on its 2021 regulatory agenda. The SEC last provided cybersecurity guidance in 2018, though critics argue that the 2018 Guidance was insufficient and merely reiterated the SEC’s formal guidance from 2011. [1] However, given recent executive-branch interest in cybersecurity issues, it is predicted that cybersecurity rules set forth in 2021 will offer more actionable and concrete protective measures for investors. [1]

As a vast swath of sensitive, personal data is shared in the digital space, and as businesses and the government rely increasingly on complex computing systems to maintain their operations, cyber risks have multiplied exponentially. Cyber attackers target sensitive personal data in an effort to compromise a business, a business’s clients, or the public at large, often while demanding a ransom.

So far in 2021, numerous cyberattacks have taken place. Most notably, the Colonial Pipeline was hacked in May, resulting in gasoline shortages across the Southern United States, and in June, a cyberattack on a large meat manufacturer halted a quarter of all beef operations in the United States for two days. [2] Countless other large- and small-scale cyberattacks occur regularly, amplifying the need for investor protection from such future occurrences.

The SEC’s renewed focus on cybersecurity risks extends beyond its commitment to adopting additional cybersecurity guidance and regulations – it is also echoed in recent enforcement actions it has taken.

In recent months, the SEC has levied charges against two large companies in connection with cybersecurity deficiencies. First, in May, the broker-dealer GWFS Equities (“GWFS”) was charged with violations of federal securities laws that require the filing of Suspicious Activity Reports (“SARs”). [3] The SEC found that GWFS had failed to file SARs for approximately 130 instances of bad actors who had attempted to access customer data and retirement accounts. [3]

The Director of the SEC’s Denver office, Kurt Gottschall, noted that GWFS’s failure to file SARs for suspicious activity “deprived law enforcement of critical information relating to the threat that … bad actors pose to retirees’ accounts,” highlighting the risks associated with a company skirting cybersecurity regulations. [3] Although GWFS neither admitted to nor denied the SEC’s charges, a settlement was reached, resulting in a hefty $1.5 million penalty as well as an order for GWFS to cease any further violations of this kind. [3]

Then, in June, the SEC charged First American Title Insurance Company (“First American”) with violations of disclosure controls which posed cybersecurity threats to sensitive customer data. [4] The SEC alleged that First American was deficient in reporting cybersecurity vulnerabilities, and a settlement agreement was reached with a $484,000 penalty against First American. [4]

Moving forward, the SEC has made clear its intention to foster cybersecurity protections. In particular, the SEC will likely create or strengthen cybersecurity disclosure obligations of public companies, whose investors are put at risk when breaches and attacks occur. While the new SEC rules won’t be made public until this fall, public companies should prepare themselves by remaining vigilant in their efforts to protect customers and investors from the litany of cybersecurity threats that exist each day.

Sources:

[1] https://www.jdsupra.com/legalnews/sec-increasingly-turns-focus-toward-3610987/

[2] https://nymag.com/intelligencer/article/ransomware-attacks-2021.html

[3] https://www.sec.gov/news/press-release/2021-82

[4] https://www.sidley.com/en/insights/newsupdates/2021/06/sec-announces-settled-charges-against-first-american-for-cybersecurity-disclosure-controls-failures
