By Clare O’Gara
Tue | Sep 17, 2019 | 10:38 AM PDT

Neglect cybersecurity and you'll pay the price.

That's what Phillip Capital Inc. (PCI) learned when the U.S. Commodity Futures Trading Commission (CFTC) fined it $1.5 million for a security breach.

What happens without cybersecurity?

It's a scenario you've probably heard before: a phishing email.

An IT engineer at the Chicago-based futures and securities clearing broker took the bait in early 2018.

The mistake opened the door to hackers, according to the CFTC:

"[It allowed] cyber criminals to breach PCI email systems, access customer information, and successfully withdraw $1 million in PCI customer funds."

In its investigation, the CFTC found a cybersecurity culture that went unsupervised.

"PCI failed to supervise its employees with respect to cybersecurity policy and procedures, a written information systems security program, and customer disbursements."

Take the bait, pay for the mistake

The CFTC was clear about the financial penalty for PCI going forward:

"The order imposes monetary sanctions totaling $1.5 million, which includes a civil monetary penalty of $500,000, and $1 million in restitution."

The agency also criticized the company for taking so long to announce the breach.

James McDonald, CFTC Director of Enforcement, emphasized the importance of taking cybersecurity seriously.

"Cybercrime is a real and growing threat in our markets. While it may not be possible to eliminate all cyber threats, CFTC registrants must have adequate procedures in place—and follow those procedures—to protect their customers and their accounts from potential harm."

Check out the CFTC's announcement on PCI here.