For more than five hours this week, business leaders and attorneys discussed cyber-security issues at a roundtable held by the Securities and Exchange Commission. Most agreed that more had to be done. What that is, exactly, failed to find broad consensus.

“There is no doubt that the SEC must play a role in this area,” SEC Commissioner Louis Aguilar said. “What is less clear is what that role should be." His proposed next step is the creation of a Cyber-Security Task Force, composed of representatives from each SEC division who will meet regularly to discuss evolving issues advise the Commission on its future demands and disclosure requirements.

“I have become particularly concerned about the risks that cyber-attacks pose to public companies and to... exchanges, clearing agencies, transfer agents, broker-dealers, and investment advisers,” Aguilar said. “Cyber-attacks aimed at these market participants can have devastating effects on our economy, on individual consumers, and on the markets and investors the SEC was created to safeguard.”

While the SEC did issue guidance—although not rulemaking—to public companies about their disclosure obligations regarding cyber-security risks and incidents in October 2011, “the increased pervasiveness and seriousness of the cyber-security threat raises questions about whether more should be done to ensure the proper functioning of the capital markets and the protection of investors,” Aguilar said.

SEC Chairman Mary Jo White focused her comments on cyber-security threats to self-regulatory organizations (SROs) and trading systems. She expects progress in the battle to keep them secure will come from the pending Regulation SCI (Systems, Compliance and Integrity). Those covered by the rule would be required to test automated systems for vulnerabilities and maintain adequate business continuity and disaster recovery plans. The rules, which she expects to be finalized later this year, also require these organizations to notify the SEC of all cyber-intrusions and establishes deadlines for them to recover clearing and trading operations.