THE SECURITIES and Exchange Commission (SEC) has released a draft memorandum circular for public comment requiring capital market participants to implement cyberTHE SECURITIES and Exchange Commission (SEC) has released a draft memorandum circular for public comment requiring capital market participants to implement cyber

SEC proposes cyber resilience requirements for publicly listed companies

Author: Bworldonline

Source: Bworldonline

2025/12/19 00:03

CYBER$0.6631+3.06%

PUBLIC$0.02657-2.45%

OPEN$0.17014+2.69%

THE SECURITIES and Exchange Commission (SEC) has released a draft memorandum circular for public comment requiring capital market participants to implement cyber resilience frameworks.

The draft circular, issued on Dec. 17, is open for comments until Jan. 16, 2026. It mandates regulated entities to establish frameworks that define objectives, risk tolerance, and procedures to identify, mitigate, and manage cyber risks.

“The proposal is in line with the government’s National Cybersecurity Plan 2023 to 2028, which recognizes cybersecurity as critical to peace, security and economic development,” the commission said in a statement on Thursday.

The guidelines cover publicly listed companies, broker-dealers, investment firms, exchanges, self-regulatory organizations, clearing agencies, securities depositories, transfer agents, and other capital market participants of similar nature.

The SEC said boards of directors must oversee cybersecurity risks and establish or appoint a Computer Emergency Response Team (CERT) led by a chief information security officer (CISO).

“The CISO will be responsible for carrying out the responsibilities of the chief information officer and serve as the primary liaison to the company’s authorizing officials, information system owners, and information system security officers,” the commission added.

The draft also holds regulated entities accountable for cybersecurity and resilience even when third parties manage their systems. Entities relying on third-party Critical Information Infrastructure must secure legally binding agreements to ensure compliance with standards such as incident reporting, auditing, and risk assessment.

“If a covered entity experiences a cyber incident that is determined to be material, it should disclose to the SEC within five days after the occurrence of the event the nature, scope, and timing of the incident. The company should also report its material impact or reasonably likely material impact on the entity, including its financial condition and results of operation,” the SEC said. — Alexandria Grace C. Magno

Market Opportunity

CyberConnect Price(CYBER)

$0.6631

$0.6631$0.6631

-0.80%

USD

CyberConnect (CYBER) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.