SEC warns corporate cyber weakness could violate federal law
Reuters
Published Oct 16, 2018 03:12PM ET
SEC warns corporate cyber weakness could violate federal law
By Katanga Johnson
WASHINGTON (Reuters) - Public companies that fail to tighten their cyber security controls could be violating federal law, the U.S. Securities and Exchange Commission (SEC) said on Tuesday.
The regulator's warning came in the form of a report on its investigation to assess whether nine companies that had been victims of cyber-related frauds had sufficient internal accounting controls in place as required by law.
It focused on so-called "business email compromises" in which cyber criminals pose as company executives to dupe staff into sending company funds to bank accounts controlled by the hackers. The Federal Bureau of Investigation estimates such scams had led to $5 billion in losses since 2013, the SEC said.
The fraud did not include any sophisticated design, but rather used technology to detect the human vulnerabilities in the control system, the report said.
"We did not charge the nine companies we investigated, but our report emphasizes that all public companies have obligations to maintain sufficient internal accounting controls and should consider cyber threats when fulfilling those obligations," Stephanie Avakian, Co-Director of the SEC Enforcement Division, said in a statement.
The SEC did not identify the companies but said the failings of internal controls were only discovered when vendors told authorities of nonpayment on a number of outstanding invoices.
Regulators and lawmakers are increasingly focused on the risks cyber criminals pose to companies and their customers following a series of high-profile incidents. They included the theft by hackers last year at credit reference company Equifax (N:EFX) of personal information of more than 145 million people.
Last week, Facebook Inc (O:FB) said hackers stole data from 29 million Facebook accounts, adding to concerns among users and investors about the company that has been through a series of cyber scandals.
Following the Equifax breach, the SEC issued updated guidance on how and when companies should disclose cyber security risks and breaches, including potential weaknesses that have not yet been targeted by hackers but could constitute inside information.
Get The News You Want
Written By: Reuters
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.