On July 12, 2017, U.S. Securities and Exchange Commission Chairman Jay Clayton made his first public speech as head of the Commission, emphasizing the need for coordination between companies and regulators to thwart cyber attacks.
“Information sharing and coordination are essential for regulators to address potential cyber threats and respond to a major cyber attack,” Clayton said in his remarks before the Economic Club of New York. He noted that such coordinated efforts were also essential among the SEC and “fellow financial regulators,” who were “working closely” together “to improve our ability to receive critical information and alerts and react to cyber threats.”
Clayton pointed out that the current digital environment is dangerous for all companies, with state-sponsored hackers targeting entities across industries. But, “[b]eing a victim of cyber penetration is not, in itself, an excuse,” he warned, because “public companies have a clear obligation to disclose material information about cyber risks and cyber events.” Nonetheless, Clayton stated that the SEC would be “cautious about punishing responsible companies who are nevertheless victims of sophisticated cyber penetrations.”
Clayton emphasized the need for investors to feel safe, part of his push to make the United States more attractive for initial public offerings. He also pointed out that this onus falls on the SEC, too, because “[i]nvestors should know that the SEC is looking out for them.”
On the enforcement front, Clayton stated that he “fully intend[s] to continue deploying significant resources to root out fraud and shady practices in the markets, particularly in areas where Main Street investors are most exposed.”