Statement On Cybersecurity, SEC Commissioner Michael S. Piwowar

Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency.  I commend Chairman Clayton for initiating an assessment of the SEC’s internal cybersecurity risk profile and approach to cybersecurity from a regulatory perspective.  In connection with that review, I was recently informed for the first time that an intrusion occurred in 2016 in the SEC’s Electronic Data Gathering, Analysis, and Retrieval (“EDGAR”) system.[1]  I fully support Chairman Clayton and Commission staff in their efforts to conduct a comprehensive investigation to understand the full scope of the intrusion and how to better manage cybersecurity risks related to the SEC’s operations.