Summary
The SEC has released a new report on cyber fraud, suggesting that public companies that fail to implement appropriate preventative measures risk violating the internal accounting control provisions of the Exchange Act. Companies should review their fraud prevention procedures accordingly and consider whether to conduct a comprehensive cybersecurity assessment under attorney-client privilege.
In Depth
The Enforcement Division of the Securities and Exchange Commission (SEC) recently warned public companies that inadequate cybersecurity fraud prevention may violate the internal accounting control provisions of the Exchange Act. Following Commission guidance issued earlier this year, the most recent report reflects the agency’s continued emphasis on cybersecurity. Given this more expansive view of cybersecurity practices, public companies should ensure that internal accounting controls adequately address cybersecurity risk.
The Report
The SEC’s investigative report describes two types of cybersecurity scams that victimized nine public companies, which collectively lost nearly $100 million.
In the first scam, the perpetrators used fake email accounts to request wire…
