U.S. Securities and Exchange Commission (“SEC”) Chair Mary Jo White confirmed Tuesday that cyber security is the biggest risk currently facing the financial system. Her strong warning of the threat posed by hackers follows the successful $81 million cyber theft from the Bangladesh central bank and a second failed attack on Vietnam’s TPBank. As White told the Reuters Financial Regulation Summit in Washington, D.C., the SEC, which regulates securities markets, has found some major exchanges, dark pools (alternative trading systems), and clearing houses did not have cyber policies in place that matched the sort of risks they faced. “What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.
White’s assessment echoes comments made by U.S. Commodity Futures Trading Commission (“CFTC”) Commissioner Christopher Giancarlo in December 2015 pinpointing cyber warfare as the most pressing issue facing regulatory agencies. Despite SEC and CFTC attempts to execute initiatives and propose measures to counteract cyber-attacks, the frequency and sophistication of these attacks is ever increasing. They join other federal regulatory and law enforcement agencies that have been repeatedly warning about cyber risks. Strong protection against these threats cannot be achieved without a comprehensive cyber security governance framework customized to the risks and threats facing an entity or organization.