SEC Releases Cybersecurity Proposed Rule

The Securities and Exchange Commission (SEC) has issued a proposed rule to address cybersecurity risks. According to an SEC fact sheet, the proposal would require broker-dealers and certain other entities (collectively referred to as “Market Entities”), to establish, maintain, and enforce written policies and procedures designed to address cybersecurity risks.

Significant cybersecurity incidents would need to be immediately reported to the SEC, and Market Entities other than certain types of small broker-dealers (“Covered Entities”) would be subject to additional reporting and public disclosure requirements using proposed Form SCIR. Covered entities would also need to ensure their policies and procedures include periodic assessment and monitoring of information systems related to cybersecurity risks, controls to prevent unauthorized access to such systems, and measures to detect and remediate threats and detect and respond to a cybersecurity incident.

Comments can be submitted within 60 days of publication of the proposal in the Federal Register.