The SEC just fired its second summer cybersecurity enforcement salvo in the span of two weeks, turning its enforcement torrent from cyber-related disclosure failures at public companies, to cybersecurity failures at SEC-registered financial firms.
In its first salvo, fired on August 16, 2021, the SEC went ballistic. Without alleging fraud, without charging any individuals and, in one instance without even alleging materiality, the SEC filed two administrative enforcement actions against two public companies for cyber-related disclosure failures.
But in its second salvo, fired on August 30, 2021, the SEC went plaid. Once again, without alleging fraud, without charging any individuals and, this time, without alleging harm to any customer or other stakeholder, the SEC filed three more administrative enforcement actions, all relating to the failure of SEC-registered entities to safeguard customer information.
Source: (86) Key Takeaways From a Second Summer Blitzkrieg of SEC Cybersecurity Enforcement | LinkedIn