SEC Proposes Rule on Cybersecurity Risk Management

The SEC has issued a proposed rule, Cybersecurity Risk Management Rule for Broker-Dealers, Clearing Agencies, Major Security-Based Swap Participants, the Municipal Securities Rulemaking Board, National Securities Associations, National Securities Exchanges, Security-Based Swap Data Repositories, Security-Based Swap Dealers, and Transfer Agents.

Under the proposed rule, “market entities” (as that term is defined in the proposal) would be required to address their cybersecurity risks by (1) implementing certain policies and procedures, (2) immediately notifying the SEC about significant cybersecurity incidents and “reporting detailed information to the Commission about” such incidents, and (3) providing “public disclosures that would improve transparency with respect to cybersecurity risks and significant cybersecurity incidents.”

For more information, see the press release and fact sheet — as well as statements by SEC Chair Gary Gensler and Commissioners Caroline Crenshaw, Jaime Lizárraga, and Hester Peirce — on the SEC’s Web site.