In remarks on Thursday of last week to the Tulane Corporate Law Institute, SEC Commissioner Robert Jackson discussed what he termed to be “the most pressing issue in corporate governance today: the rising cyber threat.” To support his characterization, Jackson reports that, in 2016, there were over 1,000 data breaches with an aggregate cost of over $100 billion, according to the Identity Theft Resource Center. And the issue has “rocketed to the top of the corporate agenda”: “One recent study showed that nearly two-thirds of executives identified cyber threats as a top-five risk to their company’s future. That shows how quickly this has become a board-level issue.”
BDO identifies questions companies may need to address at annual meetings of shareholders this season
Just in time to get ready for those annual meetings of shareholders, accounting firm BDO’s Center for Corporate Governance and Financial Reporting has developed a list of topics that companies should be prepared to address at their annual meetings of shareholders this season. The broad themes include the impact of efforts by the current administration regarding protectionism, taxes and deregulation, as well as corporate accountability and compliance.
SEC hack provides occasion for Chair Clayton to revitalize 2011 Corp Fin disclosure guidance on cybersecurity risks and incidents
As you probably read in the papers (see, e.g., this article from the WSJ), SEC Chair Jay Clayton announced yesterday that, in 2016, the SEC’s EDGAR system was hacked and, in August 2017, the staff determined that the hack may have led to insider trading. The hackers took advantage of “a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery….” The SEC believes “the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.” As part of his lengthy statement, Clayton addressed the cybersecurity considerations that the staff applies in the context of its review of public company disclosures.
by Cydney Posner As reported in the WSJ, the National Association of Corporate Directors advises that boards ask their companies’ chief information security officers some pointed questions about cybersecurity risks. Often, boards just ask whether the company is vulnerable to cyberattacks like those recently experienced at the U.S. Office of […]
by Cydney Posner Here is an unnerving warning from FireEye, a cybersecurity firm, discussed in this article from MarketWatch, regarding a sophisticated, native-English-speaking group, designated FIN4, that has targeted almost 100 public companies, primarily healthcare and pharma, to compromise their confidential information. What’s unusual here is that the apparent purpose of […]