TheCorporateCounsel.net

This Reuters article says that SEC Enforcement Co-Directors Stephanie Avakian & Steve Peikin have identified cyber crime as the top threat facing US securities markets:

“The greatest threat to our markets right now is the cyber threat,” said Peikin, who was still wearing a guest badge because he has not yet received his formal SEC credentials yet. “That crosses not just this building, but all over the country.”

The SEC has started to see an “uptick” in the number of investigations involving cyber crime, as well as an increase in reports of brokerage account intrusions, Avakian said. As a result, the agency has started gathering statistics about cyber crimes to spot broader market-wide issues.

The kinds of cyber crimes the SEC has been noticing range from stealing information for the purpose of insider trading, to breaking into accounts to either steal assets, trade against them or manipulate markets.

SEC enforcement actions involving cyber crime include notable insider trading cases based on information obtained by hacking into computer systems of major newswires and – more recently – two prominent law firms.

Cybersecurity: Target Settlement & Emerging Best Practices

In addition to acting against cyber criminals, the SEC & other authorities are demanding increased vigilance on the part of businesses to prevent these crimes from happening.  Just last month, Target announced a $18.5 million settlement with 47 state attorneys general & DC to resolve issues arising out of its 2013 customer data breach. As part of the deal, Target also agreed to implement new measures to safeguard consumer privacy.

This Davis Polk memo points out that the measures agreed to in this settlement are much more detailed and specific than those contained in the company’s 2015 consumer class action settlement:

Comparing the measures that were required in the 2015 settlement with those in the 2017 settlement highlights the dramatic increase in expectations for cybersecurity over the last two years. Indeed, the requirements set forth in the recent Target settlement closely track the cybersecurity measures that were recently imposed by the New York Department of Financial Services (“DFS”) through Rule 23 NYCRR 500, which New York Governor Cuomo described as “strong, first-in-the-nation protections,” and which the DFS characterized as “landmark regulation.”

The memo includes a chart comparing the terms of the recent settlement with the 2015 settlement and the DFS’s requirements. The significant overlap between what Target signed up for & New York’s requirements suggests that the measures prescribed in the DFS regs may be emerging as “best practices” when it comes to data protection.

Tomorrow’s Webcast: “Flash Numbers in Offerings”

Tune in tomorrow for the webcast — “Flash Numbers in Offerings” — to hear Cravath’s LizAnn Eisen, Simpson Thacher’s Joe Kaufman and Latham & Watkins’ Joel Trotter analyze all the issues related to the use of flash numbers in offerings.

– John Jenkins