Stephanie Avakian, deputy director for the Division of Enforcement, said that the division views cybersecurity violations in “three different buckets.”
The first is when “registrants fail to take appropriate steps to safeguard information.” Violations of Regulations S-P and S-ID would fall into this category.
Second is when material nonpublic information is stolen to gain market advantage.
The last category of cyber violations is when cyber disclosure is false or misleading, “whether or not there’s actually been an incident.”
via SEC Highlights Its Cybersecurity Efforts.
