Haima Marlier spoke to Compliance Week about the U.S. Securities and Exchange Commission (SEC) considering new cybersecurity and data privacy disclosure requirements for investment companies, investment advisers, broker-dealers, and public companies, according to SEC chair Gary Gensler.
According to Haima, Gensler has previously indicated a rulemaking emphasis on internal controls for public companies, and this could mean Gensler and the SEC intend to provide more structure around the internal processes and systems in place within public companies for assessing a cyberattack and determining whether to elevate the incident out of IT and up the corporate chain of command.
Read the full article (subscription may be required).