As markets grow more global and complex, so too are the threats through cyber intrusion, denial of service attacks, manipulation, misuse by insiders and other cyber misconduct. In the United States, aspects of cybersecurity are the responsibilities of multiple government agencies, including the SEC. Cybersecurity is also a responsibility of every market participant. The SEC is committed to working with federal and local partners, market participants and others to monitor developments and effectively respond to cyber threats.

CISA Recommends Enhanced Cybersecurity Posture – Shields-Up

Regardless of size, CISA recommends all organizations adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.  Recommended actions include: (1) reduce the likelihood of a damaging cyber intrusion, (2) take steps to quickly detect a potential intrusion, (3) ensure that the organization is prepared to respond if an intrusion occurs, and (4) maximize the organization's resilience to a destructive cyber incident.

For more information please visit: CISA’s Shields Up guidance page.

Get Information on Ransomware

Ransomware attacks are increasing in scale, sophistication, and frequency, victimizing governments, individuals, and private companies around the world. The Cybersecurity and Infrastructure Security Agency (CISA) has launched StopRansomware.gov a one-stop resource for individuals and organizations of all sizes to reduce their risk of ransomware attacks and improve their cybersecurity resilience. This webpage brings together tools and resources from multiple federal government agencies under one online platform. Learn more about how ransomware works, how to protect yourself, how to report an incident, and how to request technical assistance.

Getting in the Know

Investors increasingly rely on the internet to open investment accounts, check up on their holdings and make securities transactions. The SEC provides valuable guidance, including an Investor Alert and Investor Bulletin to help investors get in the know and protect themselves from cyber threats.

Keeping a Watchful Eye

The SEC provides cybersecurity guidance to help broker-dealers, investment advisers, investment companies, exchanges, and other market participants protect their customers from cyber threats. The agency also keeps a watchful eye over market participants, including by making cybersecurity a priority of its National Exam Program.

Holding Them Accountable

The SEC uses its civil law authority to bring cyber-related enforcement actions that protect investors, hold bad actors accountable, and deter future wrongdoing. The Division of Enforcement established a special unit in September 2017 with substantial cyber-related expertise. The unit focuses on violations involving digital assets, initial coin offerings and cryptocurrencies; cybersecurity controls at regulated entities; issuer disclosures of cybersecurity incidents and risks; trading on the basis of hacked nonpublic information; and cyber-related manipulations such as brokerage account takeovers and market manipulations using electronic and social media platforms.

SEC Resources

Last Reviewed or Updated: July 5, 2024