The Commodity Futures Trading Commission (CFTC) is pushing for new cybersecurity regulations for brokerages and swaps dealers. This move comes in response to the damaging ransomware attack that hit software company Ion Trading UK earlier this year.
The proposed changes to the cybersecurity rules emphasize updates to risk evaluations for CFTC-registered firms. The incident at Ion Trading UK served as a stark reminder of the potential vulnerabilities third-party software can introduce. Following the cyberattack on Ion Trading, which provides software services to significant entities in stock, bond, and commodities markets, operational disruptions were felt industry-wide and forced manual trade processing for several days.
The revised rules would expect firms under the CFTC’s regulation to adopt new procedures for managing security risks from external vendors. The objective is to reduce the industry’s exposure to such cyber threats and ensure better preparedness in the event of future attacks.
More details about the proposed plan can be found on the CFTC website, providing insight to all CFTC-regulated companies that would be required to comply.
It is evident that cyber threats pose a significant and ongoing risk to the financial industry. These proposed changes serve as a reminder for organizations to remain vigilant in assessing and mitigating such risks, particularly those presented by third-party suppliers.