Fenwick securities enforcement co-chair Michael Dicke spoke with Law360 about the U.S. Government Accountability Office’s warning to the U.S. Securities and Exchange Commission that it had not fully put in place a system for monitoring cyber intrusions on its financial systems.
The GAO’s report was disclosed as SEC Chairman Jay Clayton revealed that the commission’s key electronic filing system for public company disclosures had been hacked in 2016 and may have enabled insider trading.
Some have also raised questions about the pace of the SEC’s disclosures.
Dicke cautioned that each disclosure has to be weighed against the individual facts and circumstances of a particular breach. He noted to Law360 that in many cases, the victim of a breach will wait to collect as many facts as possible before disclosing.
Dicke explained that assurances from Clayton that no personally identifying information was accessed as a result of the breach may have allowed the SEC to delay disclosure. “That’s a lot of the time what triggers notification,” Dicke said.
The full article is available through the Law360 website (subscription required).