SEC Hacking Disclosure Fell Short of Its Own Guidance

In the Media
1 min read

The SEC data hack in 2016 spelled negative connotations for cybersecurity for even the most seemingly secure bodies, and its disclosure of the attack received criticism for its delayed and limited rollout.

According to Steven Chabinsky, the chair of the Global Data, Privacy & Cybersecurity practice at global law firm White & Case, federal agencies do have discretion over how much to tell individuals affected by a network breach.

When it comes to security controls, "Reasonableness is what federal regulators are looking for, which means the proper adoption of risk management principles, not perfect security," he said.