SEC Not Looking to File Many Cybersecurity Cases, Official Says

Stay up-to-date with the latest developments in securities law through access to both news and all statutes and regulations. Find relevant corporate filings through a searchable EDGAR database. And...

By Andrew Ramonas

The SEC isn’t planning to make cybersecurity cases part of the “bread and butter” of its enforcement activity, despite its multimillion-dollar penalty against the former Yahoo! Inc. in a first-of-its-kind case in the space, a senior Securities and Exchange Commission official said May 9.

The remarks by SEC Cyber Unit Chief Robert Cohen at an enforcement conference in New York came after Yahoo successor Altaba Inc. reached a $35 million settlement with the agency in April to resolve claims that it delayed telling investors about a massive data breach. Cohen didn’t rule out more SEC cases like the one against Yahoo. But, he said, the commission looks to bring cybersecurity cases in which the “facts are particularly bad and when the conduct really violates the statute very clearly.”

Insider trading, market manipulation, and accounting fraud are the kinds of matters that will continue to populate a majority of the SEC’s case roster, Cohen said.

“We’re not looking to bring dozens and dozens of cybersecurity cases every year,” he said at the conference organized by the Practising Law Institute.

The agency in February issued new guidance on how to inform investors about cyber threats and breaches. The document stressed that companies should have procedures to notify company leaders and shareholders about cyberattacks.

The SEC, however, doesn’t seek to “second-guess good-faith, reasonable decisions” on cybersecurity disclosure, Cohen said, echoing similar comments from other SEC officials.

“The commission recognizes who victims are,” he said. “We recognize when a company has been victimized by a breach.”

To contact the reporter on this story: Andrew Ramonas in Washington at aramonas@bloomberglaw.com

To contact the editor responsible for this story: Seth Stern at sstern@bloomberglaw.com

Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Securities & Capital Markets on Bloomberg Law