$10 Million Penalty for NYSE Owner Over Late Breach Notification

The SEC has fined Intercontinental Exchange, Inc. (ICE), owner of the New York Stock Exchange (NYSE) and several clearinghouses, $10 million for not promptly reporting a security breach. The breach, involving malware on a third-party vendor’s VPN device, occurred in April 2021. ICE delayed notifying its subsidiaries and the SEC, violating internal policies and SEC regulations, which mandate reporting breaches within 24 hours. This incident has sparked discussions about the effectiveness and fairness of the SEC’s breach reporting rules and the importance of timely incident disclosure in maintaining market integrity.

The malware attack affected ICE’s systems, compromising sensitive data and raising concerns about the security of financial market infrastructures. Despite detecting the malware, ICE’s delay in reporting the incident has been criticized as a breach of fiduciary responsibility to its stakeholders. The $10 million fine reflects the seriousness of this oversight and serves as a warning to other financial institutions about the critical importance of adhering to cybersecurity protocols and regulatory requirements.

In response to the fine, ICE has pledged to review and enhance its cybersecurity measures and reporting procedures to prevent future incidents. The case underscores the need for robust cybersecurity defenses and prompt incident reporting to protect the integrity of financial markets and ensure the security of sensitive information.

Source: Cpomagazine

To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.