- Topics
- Regions
- Events
- Webcasts
- Resources
- CW Exclusives
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
SEC’s Grewal spotlights enforcement focus on cyber disclosures
By 
Adrianne Appel2023-06-29T21:32:00
The No. 1 priority at the Securities and Exchange Commission (SEC) after organizations are impacted by a cybersecurity incident is that investors receive timely and accurate disclosures, according to the agency’s enforcement head.
The SEC understands firms have to make quick decisions when responding to a cyberattack, including around disclosures, said Gurbir Grewal during a speech at a cyber resilience summit on June 22.
“But we cannot lose focus of the fact that those decisions directly impact customers” and might be material to investors, Grewal said. Publicly traded companies, investment advisers, and broker-dealers collect and hold an extensive amount of data about organizations and client accounts, plus personally identifiable information about individuals that’s valuable to bad actors, Grewal said.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumPreparing for SEC cybersecurity rules an opportunity for collaboration
Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.
-
PremiumRisks, opportunities under SEC’s cyber incident disclosure rule
The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s newly approved cybersecurity incident disclosure rule.
-
News Brief
SEC adopts rule requiring cyber incident disclosures within four days
The Securities and Exchange Commission finalized its controversial rule requiring public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days.
More from Regulatory Enforcement
-
News BriefFCA dings Infinox in first fine under U.K. capital market reforms of 2018
The U.K. Financial Conduct Authority issued a landmark fine against trading platform Infinox Capital for failing to report “high-risk” transactions, the first-ever enforcement under a 2018 law.
-
News BriefKuCoin latest crypto firm to pay hefty price for violating BSA with $297M penalty
The Sechelles-based owner of cryptocurrency exchange KuCoin has agreed to pay nearly $300 million in penalties–and cease doing business in the U.S. for two years–to settle charges that it failed to properly monitor potential criminal activity on its network.
-
News BriefDOJ indicts five in remote IT work scheme to circumvent North Korean sanctions
Five people, including two Americans, allegedly duped U.S. companies into hiring North Koreans for contract IT work, and funneled millions in U.S. dollars to the sanctioned regime, the Department of Justice said.