In a recent move, the United States Securities and Exchange Commission (SEC) has again show a significantly strong step against crypto firms and the larger online world. The regulator has decided to enact tougher and stricter rules on the digital sector to combat increasing threat from cyberattacks.
Reportedly, the SEC through the new rules strive to be tough on the bad actors of the online world. Sources reveal that under the new rules, all registrants including crypto firms will have to be more forthcoming about cyber breaches they undergo. They will face stiffer reporting requirements including yearly disclosures to the SEC about the systems and protocols they have in place to thwart breaches.
Notably, the SEC has codified the new policy with a written requirement. Reportedly, when registrants fill out Form 8-K, they will find a new item, 1.05. This is where the firms will have to provide details of any cyber incident with what the agency would consider a “material impact.”
Then, registrants will have four days after the incident to provide a 1.05 filing with the requested information. Although the SEC may allow more time when disclosure could have national security implications.
According to SEC’s announcement, the form will require information on “the material aspects of the incident” like the “nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant.”
Hence, now firms simply cannot get away after a breach of cyber defenses and carry on as if nothing happened as that might be of concern to regulators or to investors. Furthermore, Regulation S-K Item 106 imposes more requirements.
As per the regulator, online firms as well exchanges including Crypto will have to provide a lot of data on the systems they have in place to spot and thwart cyber threats. This also includes their board of directors’ level of attention to the issue.
Now, annual reports will have to offer all these disclosures on Form 10-K. Simultaneously, foreign private issuers face similar, but separate, disclosure requirements.
However, it is important to note that while these rules are a strong step, cyberattacks don’t just target firms and exchanges. They have also hit governments considering many governments in recent months have done a poor job of erecting firewalls against cyber breaches.
To this, a recent study by cybersecurity firm Surfshark found that more cyberattacks affected government bureaus in the first quarter of 2023 than in all of 2022. Through these findings, the firm drew on data from the Center for Strategic and International Studies (CSIS).
The CSIS findings are startling. As recently as last month, the Department of Energy and other US federal agencies suffered a severe cyber breach. The bad actors were, allegedly, hackers with ties to Russia as reported by Todayq News.
Now, it is important to note that while the hacking is increasing, the use of crypto as ransom demands have also increased. Reportedly, crypto jacking in the first half of 2023 surpasses 2020, 2021 and 2022 altogether. Among this, the education as well as the healthcare have been most targeted.
However, the increasing threat to government agencies signify that even the authorities are not safe, which implies none of us are. It is well and good for the SEC to make a show of being tough with cryptocurrency and other exchanges. However, it’s worth a thought if the SEC is doing so at the expense of ignoring more pressing problems.