Skip to main content

Company Filings

SEC Emblem
U.S. Securities and
Exchange Commission
  • About
    • Careers
    • Commissioners
    • Contact
    • Reports and Publications
    • Securities Laws
    • What We Do
  • Divisions & Offices
    • Corporation Finance
    • Enforcement
    • Investment Management
    • Economic and Risk Analysis
    • Trading and Markets
    • Office of Administrative Law Judges
    • Examinations
    • Regional Offices
  • Enforcement
    • Litigation Releases
    • Administrative Proceedings
    • Opinions and Adjudicatory Orders
    • Accounting and Auditing
    • Trading Suspensions
    • How Investigations Work
    • Receiverships
    • Information for Harmed Investors
  • Regulation
    • Rulemaking Index
    • Proposed Rules
    • Final Rules
    • Interim Final Temporary Rules
    • Other Orders and Notices
    • Self-Regulatory Organizations
    • Staff Interpretations
  • Education
    • Investor Education
    • Glossaries
    • Small Business Capital Raising
  • Filings
    • EDGAR – Search & Access
    • EDGAR – Information for Filers
    • Company Filing Search
    • How to Search EDGAR
    • Forms List
    • About EDGAR
  • News
    • Press Releases
    • Speeches and Statements
    • Securities Topics
    • Upcoming Events
    • Webcasts
    • SEC in the News
    • SEC Videos
    • Media Gallery
  • U.S. Securities and Exchange Commission
    • Divisions & Offices
    • Enforcement
    • Regulation
    • Education
    • Filings
    • Newsroom
  • Newsroom
    • Press Releases
    • Testimony
  • RSS Feeds
    • Press Releases
    • Public Statements
    • Speeches
    • Testimony
  • Securities Topics
  • Crowdfunding
  • Cybersecurity
  • Enforcement Cooperation Program
  • Enforcement Task Force Focused on Climate and ESG Issues
  • Foreign Corrupt Practices Act
  • Initial Coin Offerings (ICOs)
  • Implementation of Dodd-Frank Act
  • Market Structure and Data Analysis
  • Microcap Fraud
  • Ombudsman
  • Regulation Best Interest
  • Saving and Investing for Military Personnel
  • Teacher Investment Outreach
  • Whistleblower Awards
  • Securities Topics
  • Crowdfunding
  • Cybersecurity
  • Enforcement Cooperation Program
  • Enforcement Task Force Focused on Climate and ESG Issues
  • Foreign Corrupt Practices Act
  • Initial Coin Offerings (ICOs)
  • Implementation of Dodd-Frank Act
  • Market Structure and Data Analysis
  • Microcap Fraud
  • Ombudsman
  • Regulation Best Interest
  • Saving and Investing for Military Personnel
  • Teacher Investment Outreach
  • Whistleblower Awards

Cybersecurity

Cybersecurity graphic

As markets grow more global and complex, so too are the threats through cyber intrusion, denial of service attacks, manipulation, misuse by insiders and other cyber misconduct. In the United States, aspects of cybersecurity are the responsibilities of multiple government agencies, including the SEC. Cybersecurity is also a responsibility of every market participant. The SEC is committed to working with federal and local partners, market participants and others to monitor developments and effectively respond to cyber threats.

d

CYBERSECURITY UPDATE:

CISA Recommends Enhanced Cybersecurity Posture – Shields-Up.

Regardless of size, CISA recommends all organizations adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.  Recommended actions include: (1) reduce the likelihood of a damaging cyber intrusion, (2) take steps to quickly detect a potential intrusion, (3) ensure that the organization is prepared to respond if an intrusion occurs, and (4) maximize the organization's resilience to a destructive cyber incident.

For more information please visit: CISA’s Shields Up guidance page.

Get Information on Ransomware

Ransomware attacks are increasing in scale, sophistication, and frequency, victimizing governments, individuals, and private companies around the world. The Cybersecurity and Infrastructure Security Agency (CISA) has launched StopRansomware.gov a one-stop resource for individuals and organizations of all sizes to reduce their risk of ransomware attacks and improve their cybersecurity resilience. This webpage brings together tools and resources from multiple federal government agencies under one online platform. Learn more about how ransomware works, how to protect yourself, how to report an incident, and how to request technical assistance.


 

GETTING IN THE KNOW

Investors increasingly rely on the internet to open investment accounts, check up on their holdings and make securities transactions. The SEC provides valuable guidance, including an Investor Alert and Investor Bulletin to help investors get in the know and protect themselves from cyber threats.

c

KEEPING A WATCHFUL EYE

The SEC provides cybersecurity guidance to help broker-dealers, investment advisers, investment companies, exchanges, and other market participants protect their customers from cyber threats. The agency also keeps a watchful eye over market participants, including by making cybersecurity a priority of its National Exam Program.

a

HOLDING THEM ACCOUNTABLE

The SEC uses its civil law authority to bring cyber-related enforcement actions that protect investors, hold bad actors accountable, and deter future wrongdoing. The Division of Enforcement’s Cyber Unit was established in September 2017 and has substantial cyber-related expertise. The Cyber Unit focuses on violations involving digital assets, initial coin offerings and cryptocurrencies; cybersecurity controls at regulated entities; issuer disclosures of cybersecurity incidents and risks; trading on the basis of hacked nonpublic information; and cyber-related manipulations, such as brokerage account takeovers and market manipulations using electronic and social media platforms.

SEC Resources

  • Investors
  • Issuers / Public Companies
  • Investment Advisers / Investment Companies
  • Brokers and Dealers
  • Self Regulatory Organizations

Investors

Providing Investors with Information

Investor Bulletin: Protecting Your Online Investment Accounts from Fraud

Investor Alert: Identity Theft, Data Breaches and Your Investment Accounts

Social Media and Investing: Understanding Your Accounts

Social Media and Investing: Avoiding Fraud

Social Media and Investing: Stock Rumors

Issuers/Public Companies

Commission Statement and Guidance on Public Company Cybersecurity Disclosures

Guidance for Public Companies

Investment Advisers/Investment Companies

Regulation S-P

Regulation S-ID

Subpart C - Regulation S-ID: Identity Theft Red Flags

Adopting release

Compliance Rules

Investment Company Act Rule 38-1

Investment Advisers Act Rule 206(4)-7

Adopting release for ICA Rule 38-1 and IAA Rule 206(4)-7 (see Section II(A)(1) of the Adopting Release, which provides additional information about issues that the policies and procedures of funds or advisers should consider, certain of which are related to cybersecurity)

Engaging Government Agencies and Industry

Cybersecurity Guidance for Investment Advisers and Registered Investment Companies

Guidance on Business Continuity Planning for Registered Investment Companies

Assessing Market Participant Readiness

OCIE May 2019 – Risk Alert: Safeguarding Customer Records and Information in Network Storage - Use of Third Party Security Features

OCIE April 2019 - Risk Alert: Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P - Privacy Notices and Safeguard Policies

OCIE December 2018 – Risk Alert: Observations from Investment Adviser Examinations Relating to Electronic Messaging

OCIE August 2017 – Observations from Cybersecurity Examinations

OCIE May 2017 – Cybersecurity: Ransomware Alert

OCIE September 2015 Cybersecurity Examination Initiative

OCIE February 2015 - Risk Alert: Cybersecurity examination Sweep Summary

OCIE January 2012 - Risk Alert: Investment Adviser Use of Social Media

Brokers and Dealers

Regulation S-P

Regulation SDR

Exchange Act Rule 13n-6

Adopting release (see pages 232-236 for explanatory text)

Regulation S-ID

Subpart C - Regulation S-ID: Identity Theft Red Flags

Adopting release

Market Access Rule

Exchange Act Rule 15c3-5

Adopting release

Rule 17a-4(f) SEC Interpretation: Electronic Storage of Broker-Dealer Records

Assessing Market Participant Readiness

OCIE August 2017 – Observations from Cybersecurity Examinations

OCIE May 2017 – Cybersecurity: Ransomware Alert

OCIE September 2015 Cybersecurity Examination Initiative

OCIE Summary of 2014 Cybersecurity Examination Sweep

Self Regulatory Organizations

Regulation SCI

External Resources

  • CISA’s Apache Log4j Vulnerability Guidance
  • Cybersecurity and Infrastructure Security Agency – CISA Cyber Alerts
  • Department of Homeland Security - Cybersecurity
  • U.S. CERT Critical Infrastructure Cyber Community
  • FBI - National Cyber Investigative Joint Task Force
  • FINRA - Cybersecurity

 Are You Cyber-Savvy?

Take the quiz!

Cybersecurity Quiz

News

  • SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets
    March 15, 2023
  • SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
    March 9, 2022
  • SEC Announces Three Actions Charging Deficient Cybersecurity Procedures
    Aug. 30, 2021

DID YOU KNOW?

The SEC Division of Enforcement’s IT Forensics Lab hosts a highly specialized team of forensic analysts to assist in digital investigations, including cyber investigations.

Cybersecurity Risk Alerts

  • Cybersecurity Risk Alert: Safeguarding Client Accounts against Credential Compromise
    September 15, 2020
  • Cybersecurity Risk Alert: Ransomware Alert
    July 10, 2020
  • Cybersecurity Risk Alert: Safeguarding Customer Records and Information in Network Storage - Use of Third Party Security Features
    May 23, 2019
  • Cybersecurity Risk Alert: Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P - Privacy Notices and Safeguard Policies
    April 16, 2019

Email Updates

Signup for news about this topic.

Modified: April 11, 2023

STAY CONNECTED
1 Twitter 2 Facebook 3RSS 4YouTube
6LinkedIn 8 Email Updates

About The SEC

  • Budget & Performance
  • Careers
  • Commission Votes
  • Contact
  • Contracts
  • Data Resources

Transparency

  • Accessibility & Disability
  • Diversity & Inclusion
  • FOIA
  • Inspector General
  • No FEAR Act & EEO Data
  • Ombudsman
  • Whistleblower Protection

Websites

  • Investor.gov
  • Related Sites
  • USA.gov

Site Information

  • Plain Writing
  • Privacy & Security
  • Site Map
Return to Top