On October 16, 2018, the Securities and Exchange Commission released an investigative report cautioning public companies to consider cyber threats when implementing internal accounting controls. The SEC has previously brought enforcement actions against companies for failure to safeguard customer information, typically in the wake of a cybersecurity incident involving the loss or exposure of personal customer information, and has issued guidance relating to disclosures of cybersecurity incidents and risks. This investigative report, however, focused on the internal accounting controls of nine issuers that were the subject of a series of cybersecurity incidents that collectively led to millions of dollars in company losses. Although the SEC chose not to bring an enforcement action against any of the nine issuers, the report cautions public companies to reassess their internal controls, thus signaling that a failure to adequately assess this cyber risk in the future could lead to future enforcement actions.
Cybersecurity, Privacy, & AI
Trending Now
What Cross-Border M&A Teaches About the Limits of Legal AI • Unpacking the Great American AI Act • Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations • CISA Close to Issuing New Cyber AI Directive • Pentagon’s Cyber Defense Command Drafting Plan to Defend Critical Infrastructure
SEC Issues Report Advising Public Companies to Reassess Internal Accounting Controls for Emerging Cybersecurity Risks
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.