Strict 30-day timeline fixed for financial institutions on data breaches, says SEC

Financial institutions operating throughout America are now mandated to report any data breaches within a 30-day timeframe, as per a new regulation set to be enforced by the Securities and Exchange Commission (SEC) by the end of this month.

This requirement extends to a range of financial entities, including funding organizations, investment platforms, tax advisors, and international money transfer services. Gary Gensler, Chairperson of the SEC, emphasized the necessity of adjusting regulations to align with the evolving nature and impact of data breaches.

In response, the SEC has made significant updates to existing rules established in 2000 to safeguard customer financial data from scams and fraud. Gensler stressed the importance of financial institutions affected by data breaches providing detailed filings that outline the cyber-attack, the compromised information, the potential customer impact, and the mitigation strategies.

While the new rules aim to enhance transparency and accountability, concerns have been raised regarding potential loopholes. For instance, financial institutions that do not detect any compromise of personal information in a breach may not be obligated to report to the SEC, potentially leading to gaps in future filings and transparency issues, as highlighted by Ars Technica.

In light of these regulations, companies across all sectors and sizes are urged to prioritize robust cybersecurity measures. This includes proactive steps such as raising awareness among employees about cyber risks and implementing strategies to defend against both external threats and insider breaches. By strengthening cybersecurity practices, organizations can better safeguard their IT infrastructure and mitigate risks effectively.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
