CFO Alert: Cybersecurity Threats Elevate Internal Accounting Controls Focus

September 4, 2024
1 min read



TLDR:

Key Points:

  • The SEC now considers cybersecurity breaches as internal accounting controls issues
  • A recent case with RRD resulted in a $2.1 million fine for deficiencies in internal accounting controls

New CFO Concern: Cybersecurity Issues Are Now An Internal Accounting Controls Problem

Cybersecurity breaches are now being viewed as internal accounting controls issues by the SEC, as evidenced by a recent case with RRD resulting in a $2.1 million fine. The SEC’s decision to classify IT systems as “assets” under the Exchange Act indicates a shift in how regulatory oversight is being expanded. While some within the SEC have expressed dissent, arguing that internal accounting controls are traditionally focused on financial assets, the consequences of non-compliance are becoming clear with the imposition of substantial fines.

Companies now face the challenge of ensuring robust cybersecurity defenses to prevent costly breaches that could lead to internal accounting controls violations. The implications of the SEC’s interpretation extend beyond the RRD case, raising questions about the classification of assets and the broader scope of internal controls. As the regulatory landscape evolves, CFOs and organizations must prioritize cyber defense measures to avoid potential fines and enforcement actions.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and