June 24, 2024
SEC fines ICE $10M for cybersecurity lapse. Delayed breach disclosure sparks criticism. Commissioners argue overreactions

SEC Fines ICE $10M for Cybersecurity Lapse

The Intercontinental Exchange (ICE) faces a hefty penalty of $10 million imposed by the United States Securities and Exchange Commission (SEC) for a failure to promptly disclose a cyber intrusion, as per an official announcement.

Breach Unveiled: A Malicious Cyberattack on the ICE Network

The cyber breach, which came to light in April 2021, involved the insertion of malicious code into a Virtual Private Network (VPN) device, enabling unauthorized access to ICE’s corporate network. Despite swiftly identifying the threat, ICE neglected to alert legal and compliance officials across its subsidiaries, including the prestigious New York Stock Exchange (NYSE), for several days.

The SEC’s Regulation Systems Compliance and Integrity (Regulation SCI) mandates prompt disclosure of any significant cybersecurity incidents to the regulatory body. Gurbir S. Grewal, Director of Enforcement at the SEC, emphasized the critical nature of timely reporting, stating, “When it comes to cybersecurity, especially events at critical market intermediaries, every second counts, and four days can be an eternity.”

Consequences Echo Across ICE Subsidiaries

ICE, renowned for hosting the world’s largest network of exchanges and clearing houses, encompasses a plethora of subsidiaries, including the NYSE, ICE Futures U.S., and Europe, alongside various clearing houses and data providers. The SEC’s enforcement action reverberated across multiple ICE subsidiaries, such as Archipelago Trading Services, Inc., NYSE American LLC, and NYSE Arca, Inc., among others. Additionally, the Securities Industry Automation Corporation faced a cease-and-desist order coupled with the monetary fine.

Controversy Arises: SEC Fines Criticized

Responding to the substantial fines, SEC Commissioners Hester Peirce and Mark Uyeda issued a statement denouncing the penalty as an “overreaction” to what they deemed a “minimal incident.” They argued that penalizing ICE disproportionately for a delayed report on an incident classified as de minimis portrays the SEC’s inclination towards generating hefty penalties rather than ensuring the rectification of technological vulnerabilities. Peirce and Uyeda’s critique underscores a broader concern regarding the SEC’s penalty framework, echoing previous criticisms of the Commission’s approach towards crypto companies.

Striking a Balance Between Compliance and Market Integrity

The SEC’s imposition of a $10 million fine on ICE underscores the regulatory imperative for prompt cybersecurity incident disclosure. While the penalty has drawn criticism for its perceived severity, it signals the SEC’s commitment to upholding market integrity amidst evolving cybersecurity threats. The incident serves as a reminder for financial entities to prioritize proactive cybersecurity measures and adherence to regulatory protocols to safeguard market participants’ interests.

Image by jcomp on Freepik

Disclosure Statement: Miami Crypto does not take any external funding, or support to bring crypto news to the readers. We do not have any conflicts of interest while writing news stories on Miami Crypto.

Related posts

Staking Frenzy Drains Ether from Exchanges Bringing It to an All-Time Low Since 2016 

Anna Garcia

Wallet Provider Magic Attracts $52 Million Investment Led by PayPal Ventures  

Cheryl  Lee

From Cryptocurrency to Reality TV: CoinMarketCap’s ‘Killer Whales’ Showcases Web3 Innovation

Anna Garcia

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Please enter CoinGecko Free Api Key to get this plugin works.