On October 16, 2018, the Securities and Exchange Commission released an investigative report cautioning public companies to consider cyber threats when implementing internal accounting controls. The SEC has previously brought enforcement actions against companies for failure to safeguard customer information, typically in the wake of a cybersecurity incident involving the loss or exposure of personal customer information, and has issued guidance relating to disclosures of cybersecurity incidents and risks. This investigative report, however, focused on the internal accounting controls of nine issuers that were the subject of a series of cybersecurity incidents that collectively led to millions of dollars in company losses. Although the SEC chose not to bring an enforcement action against any of the nine issuers, the report cautions public companies to reassess their internal controls, thus signaling that a failure to adequately assess this cyber risk in the future could lead to future enforcement actions.
Cybersecurity, Privacy, & AI
Trending Now
5 Structural Barriers Breaking Your Cybersecurity Compliance Framework • The Government’s AI Efficiency Numbers Look Good. That Should Worry You. • Why Data Centers Now Belong on the Critical Infrastructure List • The Colorado AI Act Hits a Wall: Litigation, Legislative Uncertainty, and an Enforcement Standstill • Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats
SEC Issues Report Advising Public Companies to Reassess Internal Accounting Controls for Emerging Cybersecurity Risks
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.