(Bloomberg) — The U.S. Securities and Exchange Commission will examine the exposure of stock exchanges, brokerages and other Wall Street firms to cyber-attacks that have been called a threat to financial stability.
More than half of exchanges surveyed globally in 2012 said they experienced a cyber-attack, while 67 percent of U.S. exchanges said a hacker tried to penetrate their systems. The SEC’s roundtable discussion of those risks tomorrow occurs as the agency weighs a new rule proposal asking whether stock exchanges should be required to tell their members about breaches of critical systems.
The agency also will probe how public companies are disclosing cyber threats in filings provided to investors. Businesses including Target Corp., from which hackers stole payment-card data for millions of shoppers in December, are required to disclose cyber threats when the information would affect an investor’s willingness to own the company’s shares.
“There certainly has been a spate of very recent, high-profile data breaches, and I’m sure that grabbed the attention of the SEC,” said John Reed Stark, a managing director at data security firm Stroz Friedberg LLC.
Tomorrow’s event was spurred by SEC Commissioner Luis A. Aguilar, who said in a speech last month that “there is a substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.”
Public companies aren’t required by the SEC to disclose all cyber risks, though the regulator routinely reviews how such threats and incidents are described in annual reports. Some lawmakers, including Senator Jay Rockefeller, a West Virginia Democrat, have asked the SEC to consider making the disclosures mandatory.