SEC to review firms’ cyber defenses

The Securities and Exchange Commission plans to scrutinize the way financial firms defend against cyberattacks after a series of recent high-profile data breaches, according to a new report.

The SEC wants to make sure asset managers are adequately prepared to defend against online intrusions that could expose sensitive financial information about their clients, Jane Jarcho, a national associate director at the commission, told a group of compliance professionals Thursday at the agency's headquarters, Reuters reported.

The agency will look at whether asset managers have policies that are strong enough to prevent and detect cyberattacks, Jarcho said. Regulators will also look at the safeguards asset managers have in place to protect against security risks posed by vendors who have access to their systems.


"We will be looking to see what policies are in place to prevent, detect and respond to cyberattacks," Jarcho said, according to Reuters. "We will be looking at policies on IT training, vendor access and vendor due diligence, and what information you have on any vendors."

This comes after a series of data breaches at well-known retailers like Target and Neiman Marcus that exposed customers' credit card information.

This week, Target said the cyberattack that allowed hackers to steal 40 million credit and debit card records targeted the store's vendors, whose systems were vulnerable.