In 2023 alone, there were over 3,200 reported cyberattacks, with over 350 million victims in the United States. That’s not to mention the undetected or failed attacks by these cybercriminals, both external and internal, to get access to sensitive data and customers’ Personal Identifiable Information (PII). Considering an average cost in the financial industry at $5.9 million per breach in recovery and lost revenue due to downtime, it’s no small matter for an industry in charge of safeguarding clients’ hard-earned assets.
Given that, along with the digital shift of the financial services industry, it’s no surprise that the Securities and Exchange Commission (SEC) is focusing its policies and regulations on ensuring firms enact protocols to protect the data they control and access.
Earlier this year, Egnyte’s director of financial services, Kyle Blaire, co-authored an article in the New York Law Journal with one of our industry partners, Fizza Khan, founder and CEO of Silver Regulatory Associates. I wanted to expand on a few points from that article and discuss how a successful cybersecurity strategy requires collaboration across financial services and other industries.
More SEC Regulation?
While few take joy in more regulation, this move by the SEC is actually good news. It clearly shows that the SEC understands the importance of protecting our financial systems and gives clients more assurance of data security. It also results in a lot of commentary and best practices surfacing that firms can use in building their cybersecurity infrastructure.
What's particularly fascinating about the SEC's strategy is the integration of privacy and security into the regulations. This approach marks a relatively novel direction in regulatory discussion, emphasizing the importance of maintaining client trust and ensuring data security is tightly safeguarded.
The finalized regulations from 2022 and 2023 with an effective date of August 2nd include breach notification requirements, which show that the SEC understands how tough it is for businesses to keep things transparent with their customers, while keeping public confidence up. Even so, the guidelines aim to create a trusting and secure atmosphere, ensuring businesses stay on their toes and accountable.
The Power of Working Together
The SEC's game plan for cybersecurity is all about the power of working together. It's about tapping into the community's collective smarts and skills to fight off cyber threats more effectively. This approach highlights how crucial it is for everyone to be in it together. It's not just about individual companies or regulatory bodies doing their bit, but about all sectors of the economy joining forces. And honestly, this teamwork isn't just nice to have; it's vital if we want to boost our cyber defense game. This is essential because while a hacker only needs to be successful once, firms need to always protect every access point.
By sharing what we know, lining up our responses to new threats, and sharing our top strategies, we're collectively building a cybersecurity framework for the financial services industry. These joint efforts don't just bump up our defenses but do much more by creating an environment where the financial sector doesn’t just survive cyberattacks but prevents them.
Cybersecurity Isn’t Just for IT Anymore… It’s Even for the SEC
Like the adage that everyone in a firm is in sales, gone are the days when cybersecurity was only the IT department's headache. Everyone must safeguard firms, from the investment manager to the front desk admin, whether at the most prominent financial players or the newest startups.
For a long time, the SEC was more of a bystander in the growing cybersecurity storm. Now, they’re introducing policy shifts with regulations aimed at making financial systems tougher against digital threats. They're pushing everyone to be ready to protect against and react to cyber threats, be transparent with customers, and let them know if something goes wrong. The stakes are high, and businesses must step up their policies and procedures quickly to avoid losing customer trust, facing legal issues, or even going out of business.
In today's regulatory environment, doing just the bare minimum is a gamble that's not worth taking. With the SEC's upcoming new rules looming over the financial sector, more than merely ticking off compliance checks on a list is required. This moment should be viewed as the starting line of a race rather than its finish.
We are at the edge of a significant change, where keeping every bit of client data and every digital transaction safe becomes a mandate rather than just a goal for which we can apologize when things go wrong.
To truly get ahead, companies must adopt a proactive stance toward cybersecurity. This involves completely controlling their digital strategies, cultivating a corporate culture deeply rooted in security awareness, and going beyond standard safety measures. By doing so, financial institutions can differentiate themselves in a crowded market, ensuring they meet and exceed regulatory expectations, and establish themselves as industry leaders.
Looking Ahead
While more regulations can be frustrating and challenging to navigate initially, the SEC's push on cybersecurity isn't just a bunch of rules. It's pushing the entire industry to bolster itself for a more secure financial world.
When we look back, I think the SEC's cybersecurity efforts won’t seem like a hassle. Instead, they’re the nudge industry leaders needed to double down on their commitment to keeping our financial world safe for everyone, today and tomorrow. I'm all in, cheering on the SEC's vision, ready to help lead the way into a future where innovation, teamwork, and a non-stop drive for excellence keep our finances tight and secure.
.png)
