Commentary by Jeffrey Wells, Visiting Fellow, National Security Institute at George Mason University’s Antonin Scalia Law School
The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions’ cybersecurity frameworks as well as the importance of regulatory oversight.
In 2018, a severe cyberattack on a subsidiary of Intercontinental Exchange Inc. (ICE), the owner of the New York Stock Exchange (NYSE), exposed highly sensitive information. The SEC’s subsequent investigation revealed that ICE failed to implement adequate cybersecurity measures, compromising its systems.
As a result, ICE was required to pay a $10 million settlement. This incident is a stark reminder of the critical need for robust cybersecurity practices, particularly for entities handling such vital financial data.
The primary accountability lies with ICE, which neglected to enforce stringent cybersecurity protocols. The SEC’s findings indicate that ICE’s subsidiary had multiple vulnerabilities that must be addressed adequately. This lack of preparedness is a significant breach of fiduciary duty to protect sensitive financial information.
However, the $10 million fine, while significant, raises questions about whether it is enough to deter future negligence by major financial institutions.
Read more: The NYSE’s $10M Wake-up Call
Related: Don’t Forget to Report a Breach: A Cautionary Tale
https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltb9d232a31f5187e5/667f1e12628e435b221eb306/CISO(1800)-ronstik-Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop
