We’re not one to make lite of any fines assessed by the Securities Exchange Commission (SEC) or any corporate losses, but among the pain identified from an SEC investigation showed there is much room for improvement when it comes to identifying malicious cyber attacks even ones as simple as those found in an email. Should the SEC get its collective back up over cyber attacks given that investors rely on a company’s internal controls, and find companies are being lax in their security, we could see the SEC step in and issue fines to foster better corporate behavior. That would add another catalyst for cybersecurity spending, bolstering our Safety & Security investing theme in the process.
Another proof point that threats to one’s safety and security are being had in a variety of new and different ways.
Public companies that are easy targets of cyber scams could be in violation of accounting rules that call for firms to safeguard assets, the Securities and Exchange Commission said.
The SEC said in an investigative report that nine public companies wired nearly $100 million to hackers who impersonated corporate executives or vendors using emails. One company made 14 wire payments to a hacker, resulting in more than $45 million in losses, the SEC said.
“Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies,” SEC Chairman Jay Clayton said in a statement. “Investors rely on our public issuers to put in place, monitor, and update internal accounting controls that appropriately address these threats.”
The type of scam the companies faced, known as business email compromises, have been responsible for more than $5 billion in losses since 2013 and ranked last year as the top cause of estimated losses linked to any cybercrime, the SEC said, citing data from the Federal Bureau of Investigation.
The investigation signaled regulators’ increased scrutiny of companies’ efforts to protect against cyber scams and whether intrusions are made easier due to poor compliance.
Company executives and boards have been grappling with cybersecurity issues long before the latest prodding from the SEC, said Charles Elson, director of the Weinberg Center for Corporate Governance at the University of Delaware. “Can anyone at this point figure out how to appropriately deal with this issue? That’s the difficulty of this whole area,” he said. “You are dealing with criminals. This is something that boards are dealing with,” he said.
Not all companies that fall for cyber scams are guilty of having lax safeguards, the report said. “What is clear, however, is that internal accounting controls may need to be reassessed in light of emerging risk.”