SEC’s ‘Swiss Army’ Accounting Law Tested by Cyber Breach Charges

R.R. Donnelley & Sons Co. agreed last month to pay $2.1 million to settle Securities and Exchange Commission charges that the marketing and printing company violated disclosure and internal accounting control rules stemming from a 2021 cybersecurity breach.

The settlement, which comes amid heightened SEC focus on cybersecurity, represents a new—and expansive—take on the accounting control provisions. The regulator included a similar accounting charge in its high-profile suit against SolarWinds Corp., and a federal judge in Manhattan is poised to weigh in on the SEC’s approach.

Applying the accounting rules to a cyber hack is an “incredibly slippery slope,” Hilgers Graben PLLC partner Scott Mascianica said.

“Clearly in the cybersecurity realm it’s fraught with peril for all issuers who are the victim of any hack,” Mascianica, a former SEC lawyer, said. “But you could extrapolate it to a whole host of things.”

Source: SEC’s ‘Swiss Army’ Accounting Law Tested by Cyber Breach Charges