SEC issues warning on increasing ransomware threat to financial services firms


The SEC’s Office of Compliance Inspections and Examinations (OCIE) warned of a recent increase in the sophistication of ransomware targeting financial service providers. The OCIE issued guidance on tactics and techniques organizations can use to guard against these attacks, broken down into six key areas:

  • Incident response and resiliency policies, procedures and plans,
  • Operational resiliency,
  • Awareness and training programs,
  • Vulnerability scanning and patch management,
  • Access management,
  • Perimeter security.



The SEC warning is in line with other analysis showing that the cyber breach threat to organizations has greatly increased in the wake of the COVID-19 remote work environment. The SEC is right to emphasize the specific ransomware risk, which we have written about extensively and which is the attack type that is most damaging and costly for companies. The SEC’s recommendations for cyber defense and preparation are sound, and while Cyberhedge research shows that financial services is one of the top-rated sectors in terms of cyber governance, many firms are still deficient in some of these basic preparations.

And while ‘recommendations’ such as these issued by the SEC are welcome, improving cybersecurity and resiliency across the corporate sector as a whole requires formal and standardized disclosure requirements, so that proper cybersecurity and hygiene are no longer ‘optional’. Standardized requirements would also help C-suites, investors and other stakeholders better assess the cyber governance of individual companies, just as disclosure requirements with defined metrics in other areas, such as financial or environmental impact, help those parties assess companies’ standings in those areas. Cyber is the only macro-level risk that isn’t treated like one.

And as the Cyberhedge Cyber Governance Indices clearly show, cyber governance impacts shareholder value. These indices have outperformed the overall market three years in a row, and in 2020 are beating the US and EU markets by 19% and 41% respectively.


What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.
