SEC Report Emphasizes Cybersecurity's Impact on Accounting Controls

The Securities and Exchange Commission (SEC) recently issued an investigative report urging public companies to consider cybersecurity threats when implementing internal accounting controls.

The investigation focused on the use and impact of Business Email Compromise (BEC), which typically relies on email spoofing and social engineering, to convince company personnel to transfer large sums to bank accounts controlled by the attackers. The FBI estimates losses from BEC attacks have totaled over $5 billion since 2013, more than any other form of cyber crime.

The SEC report provides insight into how BEC was used to exploit internal control weaknesses and highlights the strong correlation between cybersecurity and an organization’s system of internal financial controls.

"…Our report emphasizes that all public companies have obligations to maintain sufficient internal accounting controls and should consider cyber threats when fulfilling those obligations." - Stephanie Avakian, Co-Director, SEC Enforcement Division

Source: https://www.sec.gov/news/press-release/2018-236