MANILA, Philippines – The Securities and Exchange Commission (SEC) wants to institutionalize and assimilate cybersecurity into the operations of companies. This will act as the first step to protect their clients and themselves from the growing number of cyberattacks.
Under the SEC’s proposed guidelines, the corporate regulator said that cybercrime is currently the fastest growing economic crime, and that computer-generated cyberattacks could be impactful enough to cause massive crises in the Philippine economy. These crises may also impact banking and financial institutions, communications, and other critical infrastructure if left unchecked.
Therefore, the SEC said that there is a need to quickly make policies and recommendations to protect industries and capital markets from cyberattacks and similar threats. They doubled down on this statement and said that cybersecurity must be considered an integral part of any business.
The regulating authority was firm in its belief that cybersecurity must be institutionalized and consistent with the guidelines set by the Board of the International Organization of Securities Commissions, and that its principles must be implemented among the different financial markets in the country.
Furthermore, they said that regulated entities must develop and have a formalized Incident Response Plan (IRP). These IRPs also have to be regularly practiced and updated to resist any breach in their cybersecurity. These entities must also develop a Disaster Recovery Plan (DRP) in case an attack happens.
Along with these two, companies must also have a Business Continuity Plan, which should incorporate significant components that deal with operational risk management. This should include policies, standards, and procedures that will ensure specific operations will be maintained and recovered without issues in the event of an attack or disruption.
Lastly, the SEC wants companies to ensure internal control mechanisms and training to safeguard data, including their clients’ privacy, especially their sensitive personal information. This last requirement will ensure that a company will prevent and minimize the misuse of this information or its inappropriate communication to third parties.
With these requirements, the SEC also wants publicly listed companies to provide their investors with complete information in the event of a cybersecurity breach.
In essence, cybersecurity is the practice of protecting a system, network, or program from digital attacks. These attacks usually aim to access, change, or destroy sensitive information to extort money from users and interrupt the business’s normal flow. With this requirement from the SEC, companies will better keep up with innovations in cyberattacks and keep their clients and themselves safe.
- Companies Need to Incorporate Cybersecurity Into Their Operations – SEC - December 28, 2020