As markets grow more global and complex, so too are the threats through cyber intrusion, denial of service attacks, manipulation, misuse by insiders, and other cyber misconduct. In the United States, aspects of cybersecurity are the responsibilities of multiple government agencies, including the SEC. Cybersecurity also is a responsibility of every market participant. The SEC is committed to working with federal and local partners, market participants, and others to monitor developments and effectively respond to cyber threats.
CISA Highlights – Cyber Threats and Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) offers the latest cybersecurity news, advisories, alerts, tools, and resources. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money, and they are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. Defending against these attacks is essential to maintaining the nation’s security. Protecting cyber space is the responsibility of individuals, families, small and large businesses, and local and federal governments.
For more information, visit the CISA Cyber Threats and Advisories webpage.
Get Information on Ransomware
Ransomware attacks are increasing in scale, sophistication, and frequency, victimizing governments, individuals, and private companies around the world. CISA has launched StopRansomware.gov a one-stop resource for individuals and organizations of all sizes to reduce their risk of ransomware attacks and improve their cybersecurity resilience. This webpage brings together tools and resources from multiple federal government agencies under one online platform. Learn more about how ransomware works, how to protect yourself, how to report an incident, and how to request technical assistance.
Getting in the Know
The SEC’s Office of Investor Education and Advocacy issued an investor alert titled 5 Ways Fraudsters May Lure Victims Into Scams Involving Crypto Asset Securities because fraudsters continue to exploit the popularity of crypto assets to lure retail investors into scams. Crypto assets may include assets commonly referred to as cryptocurrencies, crypto, coins, and tokens.
Cyber-Related Exam Priorities
During fiscal year 2025, exam priorities by the SEC's Division of Examinations include registrants’ policies and procedures, governance practices, data loss prevention, access controls, account management, and responses to cyber-related incidents, including those related to ransomware attacks. The Division also will review alternative trading systems’ safeguards to protect confidential trading information.
SEC Resources
Engaging Government Agencies and Industry
- Cybersecurity Guidance for Investment Advisers and Registered Investment Companies
- Guidance on Business Continuity Planning for Registered Investment Companies
Risk Alerts: Assessing Market Participant Readiness
- Safeguarding Customer Records and Information in Network Storage - Use of Third Party Security Features (May 2019)
- Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P: Privacy Notices and Safeguard Policies (April 2019)
- Observations from Investment Adviser Examinations Relating to Electronic Messaging (December 2018)
- Observations from Cybersecurity Examinations (August 2017)
- Cybersecurity: Ransomware Alert (May 2017)
- Cybersecurity Examination Initiative (September 2015)
- Cybersecurity Examination Sweep Summary (February 2015)
- Investment Adviser Use of Social Media (January 2012)
- Regulation S-P
- Regulation S-ID
- Regulation SDR
- Market Access Rule
- Electronic Storage of Broker-Dealer Records
Risk Alerts: Assessing Market Participant Readiness
- Observations from Cybersecurity Examinations (August 2017)
- Cybersecurity: Ransomware Alert (May 2017)
- Cybersecurity Examination Initiative (September 2015)
- Cybersecurity Examination Sweep (February 2015)
External Resources
- CISA: Report a Cyber Issue | Free Cyber Hygiene Services | Cyber Alerts
- Department of Homeland Security: Cybersecurity
- FBI: National Cyber Investigative Joint Task Force
- FINRA: Cybersecurity