On October 16, 2018, the Securities and Exchange Commission issued a report warning public companies about the importance of internal controls to prevent cyber fraud. The report described the SEC Division of Enforcement’s investigation of multiple public companies which had collectively lost nearly $100 million in a range of cyber-scams typically involving phony emails requesting payments to vendors or corporate executives. [1]
Although these types of cyber-crimes are common, the Enforcement Division notably investigated whether the failure of the companies’ internal accounting controls to prevent unauthorized payments violated the federal securities laws. The SEC ultimately declined to pursue enforcement actions, but nonetheless issued a report cautioning public companies about the importance of devising and maintaining a system of internal accounting controls sufficient to protect company assets.