SEC Finally Warns Companies That Lax Security Could Be Violating Federal Law

For a long time I’ve said that the penalties in place for data breaches aren’t damaging enough for companies to take cyber security seriously. In most cases simply announcing that a breach has occurred and providing credit monitoring (which is freely given out anyway) is all that needs to be done. The SEC has come out and warned public companies that if they fail to tighten their cyber security controls they could be in violation of federal law.

Unfortunately, the SEC was specifically looking at business email compromises (BECs), where fraudsters pretending to be vendors the public company works with send fake invoices, which the company then pays without knowing that they are illegitimate. Despite investigating nine companies that lost over $100 million to these scams, no charges were filed. Unfortunately, this will also do little to help secure consumers' personal and private data. Large-scale data breaches will continue to happen at frequent rates until the penalties for these breaches are increased.

Hat tip to Aerial Dag
