Thursday, May 23, 2024

SEC fines ICE, NYSE $10 million for failing to notify about cyber breach

By Lene Powell, J.D.

The Intercontinental Exchange, Inc. (ICE) and nine subsidiaries including the New York Stock Exchange (NYSE) agreed to pay a $10 million penalty to resolve SEC charges relating to notification of a cyber intrusion. ICE knew of a likely breach of its corporate network but did not notify the SEC or its own legal and compliance personnel for several days, in violation of Regulation SCI (In the Matter of Intercontinental Exch. Inc., Exchange Act Release No. 100206 (May 22, 2024).

“When it comes to cybersecurity, especially events at critical market intermediaries, every second counts and four days can be an eternity,” said SEC Enforcement Director Gurbir Grewal. “Today’s order and penalty not only reflect the seriousness of the respondents’ violations, but also that several of them have been the subject of a number of prior SEC enforcement actions, including for violations of Reg SCI.”

Read the rest of the story and other securities news from Wolters Kluwer at