On October 16, 2018, the Securities and Exchange Commission released an investigative report cautioning public companies to consider cyber threats when implementing internal accounting controls. The SEC has previously brought enforcement actions against companies for failure to safeguard customer information, typically in the wake of a cybersecurity incident involving the loss or exposure of personal customer information, and has issued guidance relating to disclosures of cybersecurity incidents and risks. This investigative report, however, focused on the internal accounting controls of nine issuers that were the subject of a series of cybersecurity incidents that collectively led to millions of dollars in company losses. Although the SEC chose not to bring an enforcement action against any of the nine issuers, the report cautions public companies to reassess their internal controls, thus signaling that a failure to adequately assess this cyber risk in the future could lead to future enforcement actions.
Cybersecurity, Privacy, & AI
Trending Now
Army Plans Fast Follow-Up to AI Cyber Wargame With Industry: Officials • Operational Blind Spots: The Strategic Need for NIST’s New OT Cybersecurity Initiative • A FedRAMP Strategy for Solving the Cyber Talent Shortage • Why Recovery Speed Matters When the Homeland Is the Cyber Battlefield • CISA, Federal Partners Release Zero Trust Guide for Operational Technology
SEC Issues Report Advising Public Companies to Reassess Internal Accounting Controls for Emerging Cybersecurity Risks
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.