Cybersecurity and Securities Fraud
In a September 2017 speech, SEC Chair Clayton highlighted the “substantial risk . . . from cyber issues” and underscored the SEC’s expectation that companies enhance their disclosures of cybersecurity risks. He also announced that cybersecurity is a top enforcement priority for the SEC. And just a few weeks prior to the speech, the SEC’s Office of Compliance Inspections and Examination issued a risk alert concerning cybersecurity examinations of broker dealers, investment advisers, and investment companies, in which the SEC identified some security control deficiencies and set forth recommendations for more robust cybersecurity policies and procedures.
In addition, the SEC has taken enforcement actions related to cybersecurity risks, including the imposition of a $100,000 penalty for a broker dealer’s violation of “requirements that broker-dealers adopt written policies and procedures to protect confidential customer information and records and to keep and maintain copies of all business communications.”
In February 2018, the SEC announced that it will continue to prioritize cybersecurity in its examination programs. In particular, the examinations will “focus on, among other things, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.” See the SEC’s list of cyber enforcement actions.
False disclosures about cybersecurity risks and the failure to protect data from hackers are just two examples of the federal securities law implications of weak cybersecurity.
We have represented cybersecurity whistleblowers in several industries, including Chief Information Security Officers, and are well versed in the cybersecurity issues that may qualify for a SEC whistleblower reward or for protection under the whistleblower protection provision of the Sarbanes-Oxley Act. Recently the Wall Street Journal quoted Dallas Hammer, the head of our cybersecurity whistleblower practice, in an article titled Cybersecurity Whistleblowers Are Growing Corporate Challenge.
See our leading guide to cybersecurity whistleblower rewards and protections: Practitioners Guide to Cybersecurity Whistleblowing.
Leading Cybersecurity Whistleblower Attorneys
Whistleblower attorney Dallas Hammer is a leading cybersecurity whistleblower attorney and has written extensively about protections for cybersecurity whistleblowers, including the following publications:
- The Rise of Cybersecurity Whistleblowing, NYU Law Compliance & Enforcement Blog (December 2016)
- Cybersecurity Whistleblowing: What Employees at Public Companies Should Know Before Reporting Information Security Concerns, ISSA Journal (June 2016)
- Effective Cybersecurity and Data Protection Legislation Should Protect WhistleblowersNYU Law Compliance & Enforcement Blog (May 2019)
Hammer explained that raising concerns about cybersecurity issues qualifies for protection under the Sarbanes-Oxey whistleblower law: He cited as an example the Prioleau whistleblower case: “That case is about an employee who raised cybersecurity concerns about two policies that contradicted each other. He raised those through his chain of command. He was ignored and experienced retaliation. The question was whether blowing the whistle on these cybersecurity issues qualified for protection under the Sarbanes Oxley Act, which was originally passed with more of a focus on corporate and audit fraud. The Administrative Review Board of the Department of Labor found that such a disclosure was in fact protected.”
In the article, Hammer also discusses his substantial experience representing whistleblowers that have disclosed cybersecurity vulnerabilities and weaknesses in information technology internal controls. He noted that cybersecurity whistleblowers that he represented have disclosed important compliance issues in many industries: “What we have seen in other contexts — for example, fraud on the government in general — is that when people start to listen to whistleblowers, it does help fix the problem. It brings a new set of eyes — eyes that are in a position to know things that outside regulators do not know, that the public at large does not know. It helps fix the problem.”
The whistleblower lawyers at Zuckerman Law have substantial experience litigating Sarbanes Oxley whistleblower retaliation claims and have achieved substantial recoveries for officers, executives, accountants, auditors, and other senior professionals. To learn more about corporate whistleblower protections, see our Sarbanes-Oxley Whistleblower Protection FAQ. Click here to read client testimonials about the firm’s work in SOX whistleblower matters and other employment-related litigation.
Guide to Sarbanes-Oxley Corporate Whistleblower Protection Law
The whistleblower protection provision of the Sarbanes-Oxley Act provides robust protection to cybersecurity whistleblowers, and indeed some SOX whistleblowers have achieved substantial recoveries. Earlier this year, a former in-house counsel at a biotechnology company recovered $11 million in a SOX whistleblower retaliation case alleging that the company fired him for disclosing violations of the Foreign Corrupt Practices Act.
On the fifteenth anniversary of SOX, leading whistleblower law firm Zuckerman Law released a free guide to the SOX whistleblower protection law: Sarbanes-Oxley Whistleblower Protection: Robust Protection for Corporate Whistleblowers. The guide summarizes SOX whistleblower protections and offers concrete tips for corporate whistleblowers based on lessons learned during years of litigating SOX whistleblower cases.
The goal of the guide is to arm corporate whistleblowers with the knowledge to effectively combat whistleblower retaliation, avoid the pitfalls that can weaken a SOX whistleblower case, and formulate an effective strategy to obtain the maximum recovery.
SEC Whistleblower Lawyers’ Guide to SEC Whistleblower Rules and SEC Whistleblower Program
In the SEC Whistleblower Program: Tips from SEC Whistleblower Attorneys to Maximize an SEC Whistleblower Award, the whistleblower lawyers at Zuckerman Law share their experience gained from representing whistleblowers before the SEC. Download this free guide today.
The guide covers the following topics:
Overview of the SEC Whistleblower Program
- What is the SEC Whistleblower Program?
- Can I submit an anonymous tip to the SEC Whistleblower Office?
- What employment protections are available for SEC whistleblowers?
- What violations qualify for an SEC whistleblower award?
- What are the largest SEC whistleblower awards?
Whistleblowers Eligible for an Award
- Who is an eligible SEC whistleblower?
- Can I submit a claim if I had involvement in the fraud or misconduct?
- Can I submit a tip if I agreed to a confidentiality provision in an employment/severance agreement?
- Can compliance personnel, auditors, officers or directors qualify for an SEC whistleblower award?
Reporting to the SEC and Maximizing Award Percentage
- When is the best time to report the fraud or misconduct to the SEC?
- Do I have to report the violation to my company before reporting the violation to the SEC?
- Can I submit an SEC Whistleblower claim if the SEC already has an open investigation into the matter?
- How do I submit a tip to the SEC?
- What type of evidence should I provide to the SEC?
- What factors does the SEC consider when determining the amount of the award?
- Why should I choose the Zuckerman Law to represent me in my SEC whistleblower claim?
After Reporting to the SEC
- What happens after I submit a tip to the SEC?
- How long does it take to receive an SEC whistleblower award?