SEC needs to up its cybersecurity game, Clayton tells Senate

Getty Images/iStockphoto

More cybersecurity breaches of markets should be expected, SEC Chairman Jay Clayton told a Senate oversight panel Tuesday.

"We must recognize there will be breaches … We are under constant attack from high-level actors," Mr. Clayton told the Senate Committee on Banking, Housing and Urban Affairs, which oversees the Securities and Exchange Commission.

On Sept. 21, Mr. Clayton said he learned in August that the SEC's EDGAR filing system was breached in 2016 and may have led to illicit trading on non-public information. The breach was tracked to a custom software defect in EDGAR's test filing component. Mr. Clayton said the breach did not result in unauthorized access to personally identifiable information, or present systemic risk, but that it may take "substantial time" to understand the extent and impact of the intrusion. The SEC's inspector general is also investigating the breach, which was reported to the Department of Homeland Security.

On Monday, the SEC announced an enforcement cyber unit and a task force focusing on retail investors that have been in the planning stages for months. The cyber unit, to be run by Robert A. Cohen, co-chief of the enforcement division's market abuse unit, will look for cyber-related threats to trading platforms and other critical market infrastructure, market manipulation schemes involving false information spread through electronic and social media, hacking to obtain material non-public information, and intrusions into retail brokerage accounts, among other activities.

Mr. Clayton told the Senate panel that individual firms spend far more resources on cybersecurity, and that the agency needs additional resources. "We need to up our game," he said.

In his first oversight hearing since taking over the agency in May, Mr. Clayton said that along with cybersecurity, his priorities are protecting retail investors and markets and facilitating capital formation. Pressed by several senators on the Department of Labor's fiduciary rule, Mr. Clayton said that working with the DOL to harmonize the rule "is a priority for me."

Related Articles
Lack of guidance putting institutions at end of line
Jay Clayton said illicit trading possible from EDGAR breach
Deloitte email platform hacked
EDGAR breach has managers questioning SEC's own protections
SEC says EDGAR breach obtained personal information of 2 people
Jay Clayton tells lawmakers SEC is drafting its own fiduciary duty rule
Cybersecurity concerns spin havoc
Asset managers' systemic risk should be regulated differently than banks — Trea…
SEC enforcement actions, fines drop precipitously following Jay Clayton's appoi…
SEC hack is said likely to involve Eastern European crooks
SEC's trading and markets deputy director to retire at end of year
Wall Street aims to thwart a hacking nightmare for 401(k) accounts
SEC chairman non-committal on dual-class, cybersecurity, fiduciary rule-making
Recommended for You
Standards-of-conduct rules approved along party lines
Standards-of-conduct rules approved along party lines
Investors hail SEC guidelines on exchanges
Investors hail SEC guidelines on exchanges
SEC passes Reg BI package by 3-1 vote
SEC passes Reg BI package by 3-1 vote