Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission

A bipartisan congressional duo introduced legislation on Wednesday that would beef up cybersecurity protections at the Securities and Exchange Commission. 

The SEC Data Protection Act of 2025 would “ensure the Commission can prevent, detect, and respond to cybersecurity threats with modern tools, updated protocols, and greater internal accountability.”

The Georgia representatives behind the act — Democrat David Scott and Republican Barry Loudermilk — explained that the bill would establish uniform policies and procedures governing how the SEC requests, handles, stores, and protects sensitive information obtained from investors, advisers, broker-dealers, and other market participants.

According to the bill’s sponsors, it is designed to: 

• Require the SEC to develop and update data protection cybersecurity protocols consistent with federal and National Institute of Standards and Technology best practices.
• Ensure the security of adviser-provided information.

Scott said in a statement that the increase in cyberattacks on government agencies and data breaches prompted them to take action. 

“For years, market participants and cyber experts have warned Congress that the Commission, like many other financial regulators, does not have the modern, consistent cybersecurity safeguards in place to protect the highly sensitive information it collects,” Scott explained. 

“Continuing to rely on outdated data protection frameworks could significantly jeopardize the trust Americans have long placed on the U.S. financial system.”

He added that the bill “does not impede regulators from seeking the information they need, but it does ensure that the SEC meets basic, modern security standards consistent with best practices across the federal government and private sector.”

As written, the law would go into effect one year after it is enacted. Both men are senior members of the House Financial Services Committee. 

Scott previously introduced the bill in 2020 but it did not make it out of committee despite being co-sponsored by a bipartisan group of 15 other House members. 

The SEC declined to comment. 

The legislation follows several cyberattacks on financial institutions within the government. The Congressional Budget Office (CBO) announced a breach earlier this month following a cyberattack by “foreign actors.”

Threat actors also gained access to “highly sensitive information” in February after breaching the email system used by the Office of the Comptroller of the Currency, and Chinese hackers breached systems at the Treasury Department in December 2024 and accessed computers used by then-Secretary Janet Yellen, Deputy Secretary Adewale Adeyemo and acting Undersecretary Brad Smith.