SEC Links Cyberthreats to Internal Controls

By Stephen Barlas
January 1, 2019

The Securities & Exchange Commission (SEC) issued an investigative report in October 2018 cautioning that public companies should consider cyberthreats when implementing internal accounting controls. The report detailed how nine public companies fell victim to fraud by responding to illegitimate business emails and losing millions of dollars in the process.


In February 2018, the SEC issued a statement and interpretative guidance to assist public companies in preparing disclosures about cybersecurity. But that guidance may be insufficient in light of the SEC investigative report. Sen. Jack Reed (D.-R.I.) introduced a bill in March 2017 called the Cybersecurity Disclosure Act of 2017, which would require that publicly traded companies disclose in annual filings with the SEC whether any member of their governing body, such as their board of directors or general partner, possess expertise or experience in cybersecurity. The bill was discussed in a Senate Banking Committee hearing in June 2018 but was never voted on. It’s supported by the North American Securities Administrators Association.


Stephen Barlas has covered Washington, D.C., for trade and professional magazines since 1981 and since 1984 for Strategic Finance and its predecessor Management Accounting. You can reach him at sbarlas@verizon.net.
0 No Comments
You may also like