The SEC is calling for better controls as cyber scams grow

The SEC is calling for better controls as cyber scams grow

We’re not one to make lite of any fines assessed by the Securities Exchange Commission (SEC) or any corporate losses, but among the pain identified from an SEC investigation showed there is much room for improvement when it comes to identifying malicious cyber attacks even ones as simple as those found in an email. Should the SEC get its collective back up over cyber attacks given that investors rely on a company’s internal controls, and find companies are being lax in their security, we could see the SEC step in and issue fines to foster better corporate behavior. That would add another catalyst for cybersecurity spending, bolstering our Safety & Security investing theme in the process.

Another proof point that threats to one’s safety and security are being had in a variety of new and different ways.

Public companies that are easy targets of cyber scams could be in violation of accounting rules that call for firms to safeguard assets, the Securities and Exchange Commission said.

The SEC said in an investigative report that nine public companies wired nearly $100 million to hackers who impersonated corporate executives or vendors using emails. One company made 14 wire payments to a hacker, resulting in more than $45 million in losses, the SEC said.

“Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies,” SEC Chairman Jay Clayton said in a statement. “Investors rely on our public issuers to put in place, monitor, and update internal accounting controls that appropriately address these threats.”

The type of scam the companies faced, known as business email compromises, have been responsible for more than $5 billion in losses since 2013 and ranked last year as the top cause of estimated losses linked to any cybercrime, the SEC said, citing data from the Federal Bureau of Investigation.

The investigation signaled regulators’ increased scrutiny of companies’ efforts to protect against cyber scams and whether intrusions are made easier due to poor compliance.


Company executives and boards have been grappling with cybersecurity issues long before the latest prodding from the SEC, said Charles Elson, director of the Weinberg Center for Corporate Governance at the University of Delaware. “Can anyone at this point figure out how to appropriately deal with this issue? That’s the difficulty of this whole area,” he said. “You are dealing with criminals. This is something that boards are dealing with,” he said.

Not all companies that fall for cyber scams are guilty of having lax safeguards, the report said. “What is clear, however, is that internal accounting controls may need to be reassessed in light of emerging risk.”

Source: SEC Calls for Better Accounting Controls as Cyber Scams Increase – WSJ

About the Author

Chris Versace, Chief Investment Officer
I'm the Chief Investment Officer of Tematica Research and editor of Tematica Investing newsletter. All of that capitalizes on my near 20 years in the investment industry, nearly all of it breaking down industries and recommending stocks. In that time, I've been ranked an All Star Analyst by Zacks Investment Research and my efforts in analyzing industries, companies and equities have been recognized by both Institutional Investor and Thomson Reuters’ StarMine Monitor. In my travels, I've covered cyclicals, tech and more, which gives me a different vantage point, one that uses not only an ecosystem or food chain perspective, but one that also examines demographics, economics, psychographics and more when formulating my investment views. The question I most often get is "Are you related to…."

Comments are closed.