The viability of a cybersecurity whistleblowing tip under the SEC Whistleblower Reward Program is no longer a question. In June 2016, the SEC announced a $1 million penalty levied against Morgan Stanley Smith Barney LLC for cybersecurity violations that, when coupled with a related criminal action, totaled $1.6 million. We may never know whether a whistleblower provided information in this enforcement action since the SEC’s policy is to strictly protect the identities of whistleblowers. What we do know is that if there were a whistleblower involved, this is the first SEC action involving cybersecurity to meet the $1 million threshold for an award.
via Can Cybersecurity Whistleblowers Receive Monetary Awards from the SEC? – Lexology