The Securities and Exchange Commission (SEC) has urged companies to intensify their cybersecurity capabilities as more clients have turned to using digital platforms amid the COVID-19 pandemic.
In a press statement Tuesday, the agency put out an advice to companies urging them to evaluate the cybersecurity risks and plug the loopholes to ensure that they will not fall into the trap of being hacked as experienced by some of them recently.
“Digital transformation benefits businesses, allowing them to improve their productivity and realize greater efficiencies, but not without risks,” SEC Chairperson Emilio B. Aquino said.
The crisis has pushed more clients to use digital platforms as their means of doing transactions as they and the companies that they transact with try to eliminate face-to-face interactions as well as go into using online platforms.
Some companies, even small restaurants have gone into online transactions since the start of the pandemic and, because of the situation, some individuals have gone into hacking activities like phishing, data breaches and other methods of cyberattacks.
“Cybersecurity is more than an IT (information technology) matter,” said Aquino, pointing out that “it is a corporate governance issue that companies should give serious attention to and proactively manage, as cyberattacks could damage their reputation, disrupt their operations, and eventually jeopardize their profitability and enterprise value.”
The agency said that top officials of companies must ensure that they know and how to face face cybersecurity risks that their entities have to face.
“The boards of directors of companies must ensure that a robust cybersecurity strategy is in place and that existing cybersecurity measures, including regular penetration testing and risk assessments, remain effective amid the evolving security landscape,” he said as the agency has been pushing for companies to invest in cybersecurity and data privacy.
Among the steps that it has pushed for is for governing bodies of these companies to set up bodies that will look into their cybersecurity vulnerabilities and come up with programs to battle these risks.
Among the steps that the SEC is requiring broker dealers, exchanges, clearing agencies, securities depositories and other participants to have a comprehensive information technology plan, as specified under the 2015 Implementing Rules and Regulations of the Securities Regulation Code, or Republic Act 8799.
These companies are also ordered to hire independent auditors to regularly review their business continuity and disaster recovery plans, and risk management systems.
The agency, In 2016, also ordered capital market participants to report their compliance with data privacy and protection regulations. Republic Act No. 10173, or the Data Privacy Act of 2012, for one, requires organizations both in the government and the private sector to develop their privacy manuals.
