Securities and Exchange Commission (SEC)
The Securities and Exchange Commission is a US federal agency that regulates financial markets and enforces securities laws.
Established in 1934, the SEC oversees public companies, investment firms, and financial markets to protect investors and maintain fair, orderly, and efficient markets.
In cybersecurity contexts, the SEC plays an increasingly important role by requiring publicly traded companies to disclose material cybersecurity incidents and maintain adequate cybersecurity risk management programs. Companies must report significant cyber incidents within four business days and provide annual disclosures about their cybersecurity governance and risk assessment processes.
The SEC has also issued guidance on cybersecurity disclosure obligations and has brought enforcement actions against companies for inadequate cybersecurity controls or failure to properly disclose cyber incidents to investors. This regulatory oversight has elevated cybersecurity from a purely technical concern to a corporate governance and investor protection issue, making SEC compliance a critical consideration for public companies' cybersecurity strategies.




