Shearman & Sterling on Whether a Cyber Breach Can Be a Violation of Internal Controls

On October 16, 2018, the Securities and Exchange Commission (SEC) issued a report outlining an investigation conducted by the SEC’s Division of Enforcement related to the internal accounting controls at nine public companies that were the victims of cyber fraud. The SEC elected to issue a report under Section 21(a) of the Securities Exchange Act of 1934 rather than proceeding with enforcement actions against any of the companies involved as a way to draw attention to the growing issue of cyber fraud, highlight what it believes are necessary and best practices in this area and, importantly, caution all public companies … Read more