Curated Content | Thought Leadership | Technology News

NY Stock Exchange Faces SEC Penalty Over 2021 Cyberattack

Cold busted.
Emory Odom
Contributing Writer

The Securities and Exchange Commission (SEC) has imposed a $10 million penalty on the Intercontinental Exchange (ICE), the owner of the New York Stock Exchange, for failing to properly respond to a 2021 cyber intrusion. The SEC’s investigation revealed that the organization delayed notifying its subsidiaries and the SEC about the incident, violating federal regulations.

ICE reported that the cyber intrusion, which involved malicious code inserted into a VPN device, had no impact on market operations. However, the SEC emphasized the importance of immediate reporting for maintaining market integrity and protecting investors.

Why it matters: This case underscores the critical importance of timely cybersecurity incident reporting, especially for major financial entities. It highlights the stringent regulatory expectations for market operators, the significant penalties for non-compliance, and the increasing government oversight in the financial sector to ensure robust cybersecurity measures. Additionally, it raises concerns about potential regulatory overreach and its impact on business operations.

  • Incident Details: The cyber intrusion occurred on April 15, 2021, when malicious code was inserted into a VPN device used by ICE. ICE delayed notifying its subsidiaries and the SEC, breaching Regulation SCI requirements.
  • SEC’s Findings: The SEC found that ICE’s delay in reporting the incident violated federal regulations and ICE’s own procedures. The fine reflects the seriousness of these violations and ICE’s history of prior enforcement actions.
  • Impact Assessment: ICE determined the incident had minimal impact on operations, but the SEC stressed that immediate reporting is crucial to protect markets and investors.
  • Dissenting Opinions: Two SEC commissioners criticized the fine, arguing that the regulation allows for delayed reporting if the impact is minimal. They viewed the penalty as excessive and reflective of a broader trend in SEC enforcement.
  • ICE’s Response: ICE stated the intrusion had no operational impact and described the SEC’s enforcement as an overreaction. The company emphasized its commitment to cybersecurity and regulatory compliance.

Go Deeper -> SEC Fines Intercontinental Exchange $10 Million for Cybersecurity Lapses – The Record

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters