SEC might release firms' cybersecurity exam results

The Securities and Exchange Commission (SEC) could release this year the results of a cybersecurity examination it conducted in 2014 across roughly 100 financial firms, according to multiple reports.

Speaking at a Practising Law Institute event Wednesday, the agency’s top inspection official said the report gives an indication of how the financial industry is doing on cybersecurity.

ADVERTISEMENT

“My sense on cyber is it’s an unusual regulatory issue,” said Andrew Bowden, who heads the Office of Compliance Inspections and Examinations, Law360 reported. “Everybody understands the stakes and people therefore are highly motivated to get it right.”

Although the finance industry’s cyber defenses are seen as tops in the private sector, bank security has come under scrutiny in recent months. A massive intrusion at JPMorgan Chase in June exposed the sensitive information of 76 million households. More recently, a disgruntled Morgan Stanley employee made off with account information belonging to 350,000 customers.

Not surprisingly, cyber risks have rapidly become banks’ top fear, according to recent surveys.

Regulators have responded. Wall Street’s top watchdog in December issued a more thorough cybersecurity examination for banks. Lawmakers are also increasingly pressing federal agencies like the SEC and Treasury Department to hold the finance industry to higher cyber standards.

Whether it's released, the SEC review could inform further oversight efforts.

The exam looked into whether companies had seen malware on their systems or had experienced different types of network breaches. It also focused on whether third-party vendors connecting to company networks had ever been compromised. Many large data breaches, including the one at JPMorgan, occur because hackers gained access through an outside vendor.

However, Bowden didn't tip his hand Wednesday about what the agency’s exam might reveal about further cybersecurity regulatory efforts, according to reports.