The SEC declined to comment.
New reporting rules which start to come into force in December would require funds for the first time to confidentially file complete monthly portfolio holdings with the SEC, data which the ICI has said could easily be used for insider trading if obtained by hackers.
"Until that information security environment has been established, funds should continue to collect data quarterly, not monthly information, as quarterly data is not nearly as sensitive," said Stevens.
The SEC disclosure came two weeks after credit-reporting company Equifax Inc said a breach had exposed sensitive personal of data up to 143 million U.S. customers. This followed last year’s cyber attack on SWIFT, the global bank messaging system.
Stevens said rules governing the disclosure of such breaches should be tighter for both public and private organizations.
"That disclosure obligation fixes the mind on need to fix the breach in the first instance."
This article as provided by Reuters.