Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

SEC warns corporate cyber weakness could violate federal law

Reprints
Cyber Risks Emerging Risks Regulation Risk Management Technology More + Less -
SEC warns corporate cyber weakness could violate federal law

(Reuters) — Public companies that fail to tighten their cyber security controls could be violating federal law, the Securities and Exchange Commission said Tuesday.

The regulator's warning came in the form of a report on its investigation to assess whether nine companies that had been victims of cyber-related frauds had sufficient internal accounting controls in place as required by law.

It focused on so-called "business email compromises" in which cyber criminals pose as company executives to dupe staff into sending company funds to bank accounts controlled by the hackers. The Federal Bureau of Investigation estimates such scams had led to $5 billion in losses since 2013, the SEC said.

The fraud did not include any sophisticated design, but rather used technology to detect the human vulnerabilities in the control system, the report said.

"We did not charge the nine companies we investigated, but our report emphasizes that all public companies have obligations to maintain sufficient internal accounting controls and should consider cyber threats when fulfilling those obligations," Stephanie Avakian, co-director of the SEC Enforcement Division, said in a statement.

The SEC did not identify the companies but said the failings of internal controls were only discovered when vendors told authorities of nonpayment on a number of outstanding invoices.

Regulators and lawmakers are increasingly focused on the risks cyber criminals pose to companies and their customers following a series of high-profile incidents. They included the theft by hackers last year at credit reference company Equifax Inc. of personal information of more than 145 million people.

Last week, Facebook Inc. said hackers stole data from 29 million Facebook accounts, adding to concerns among users and investors about the company that has been through a series of cyber scandals.

Following the Equifax breach, the SEC issued updated guidance on how and when companies should disclose cyber security risks and breaches, including potential weaknesses that have not yet been targeted by hackers but could constitute inside information.

 

Read Next

  • Cyber attacks, supply-chain disruption top business risks: Marsh

    Marsh Insurance Brokers (Malaysia) Sdn Berhad said that cyber attacks and financial losses related to supply-chain disruptions are among top business risks in the country, Malay Mail reported. Sean Chou, managing director at Marsh Malaysia, said that companies face cyber security risks from the adoption of new technologies and potential losses from reliance on new supply chains following the changing global economic and political landscape.

Related Stories

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.