Lax Cyber Security Could Be Federal Law Violation, SEC Warns

Public companies that fail to tighten their cyber security controls could be violating federal law, the U.S. Securities and Exchange Commission (SEC) said on Tuesday.

The regulator’s warning came in the form of a report on its investigation to assess whether nine companies that had been victims of cyber-related frauds had sufficient internal accounting controls in place as required by law.

It focused on so-called “business email compromises” in which cyber criminals pose as company executives to dupe staff into sending company funds to bank accounts controlled by the hackers. The Federal Bureau of Investigation estimates such scams had led to $5 billion in losses since 2013, the SEC said.

The fraud did not include any sophisticated design, but rather used technology to detect the human vulnerabilities in the control system, the report said.

“We did not charge the nine companies we investigated, but our report emphasizes that all public companies have obligations

... read more at: