On Tuesday, Oct. 16, the U.S. Securities and Exchange Commission (SEC) issued a report advising public companies to review and recalibrate internal accounting controls to consider cyber threats. The report is based on an investigation of business email compromises (BECs), more commonly known as “spearphishing” attacks, at nine public companies that resulted in a cumulative loss of almost $100 million. Cyber scams like these are an ever-increasing part of the risks faced by a wide variety of businesses today.
In this flash report, we summarize the report and the implications for public organizations. The SEC’s release can be found here