The Securities and Exchange Commission should be doing more to ensure that cyberattacks are revealed to shareholders promptly, Commissioner Robert Jackson argued in a conference speech.
The agency also should consider expanding insider trading rules to include the hackers themselves, in addition to those usually covered by the rules, Jackson said in comments at the Tulane Corporate Law Institute in New Orleans on March 15.
Though the SEC issued new guidelines about hacking events last month, Jackson said the regulator needed to do much more.
Pointing to the March 14 indictment of a former executive of Equifax Inc. who was alleged to have traded company stock before the full extent of the cyberattack on the credit bureau was revealed, Jackson said, "it is especially alarming when reports of a breach are accompanied by reports of insider trading."
The Equifax hack may have affected more than 145 million customers.
The question of whether insider trading rules needed to be expanded to include the hackers themselves was a critical issue, Jackson said.
There's a concern "that hackers will not only continue to attack American companies, but that they might be able to profit by trading before the investing public discovers what they have done," he said.
