The SEC Enforcement Division’s Cyber Unit “will continue to dig deeper into the area of cybersecurity-related disclosures and disclosure controls and internal controls,” Ablaev, a member of the Cyber Unit, said Thursday at Securities Enforcement Forum 2021. “You’ll be seeing more of the actions that we’ve been bringing fairly recently.”
When sanctioning companies for failures in cyber risk disclosure, the SEC will likely index penalties to the extent of the damage, Ablaev said. If compromised data is related to a company’s “critical business, the more likely we are to find materiality and the more likely we are to assign a kind of higher penalty amount to these cases.”
Source: SEC to ‘dig deeper’ in cybersecurity enforcement | CFO Dive