To find out more about whistleblower rewards and protections for cybersecurity whistleblowers, call us at 202-262-8959 for a free, confidential consultation.
We are well versed in the cybersecurity issues that may qualify for an SEC whistleblower award, a CFTC whistleblower award, or a False Claims Act qui tam relator award. In addition, we have extensive experience representing cybersecurity whistleblowers in retaliation actions under the whistleblower protection provision of the Sarbanes-Oxley Act and under laws that protect employees of government contractors who disclose cybersecurity deficiencies.
The SEC’s 2024 Examination Priorities set forth the SEC’s continued focus on broker-dealer and investment adviser cybersecurity compliance:
The Division will continue to review broker-dealers’ and advisers’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets. Operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, intense weather-related events, and geopolitical concerns. Given these risks and concerns, cybersecurity remains a perennial focus area for all registrants.
The Division will focus on registrants’ policies and procedures, internal controls, oversight of third-party vendors (where applicable), governance practices, and responses to cyber-related incidents, including those related to ransomware attacks. Part of this review will consider whether registrants adequately train staff regarding their identity theft prevention program and their policies and procedures designed to protect customer records and information.
With respect to third-party products and services in particular, the Division will continue to assess how registrants identify and address risks to essential business operations. In connection with its mission to inform policy, the Division will also look at the concentration risk associated with the use of third-party providers, including how registrants are managing this risk and the potential impact to the U.S. securities markets. In addition, many broker-dealers and advisers consist of a main office and multiple other branch offices. Examinations of broker-dealers and advisers will continue to look at firms’ practices to prevent account intrusions and safeguard customer records and information, including personally identifiable information, especially as it pertains to their multiple other offices.
Lastly, the Commission adopted rule changes to shorten the standard settlement cycle for most broker-dealer transactions from two business days after the trade date to one business day after the trade date. In connection with this change, the Division will assess registrant preparations associated with this shortening of the settlement cycle, which has a compliance date of May 28, 2024.
Examinations of broker-dealers and advisers will continue to look at firms’ practices to promote cyber resiliency. Reviews will include firm practices, policies, and procedures to prevent account intrusions and safeguard customer records and information, including personally identifiable information. Additional focus will be on the cybersecurity issues associated with the use of third-party vendors, including registrant visibility into the security and integrity of third-party products and services. The Division will also review whether there has been an unauthorized use of third-party providers.
The SEC can take enforcement action for a wide variety of cybersecurity violations, including:
To schedule a free preliminary consultation, click here or call us at 202-262-8959.
The whistleblower protection provision of the Sarbanes-Oxley Act provides robust protection to cybersecurity whistleblowers, and indeed some SOX whistleblowers have achieved substantial recoveries. Leading whistleblower law firm Zuckerman Law has issued a guide to the SOX whistleblower protection law: Sarbanes-Oxley Whistleblower Protection: Robust Protection for Corporate Whistleblowers. The guide summarizes SOX whistleblower protections and offers concrete tips for corporate whistleblowers based on lessons learned during years of litigating SOX whistleblower cases.
The goal of the guide is to arm corporate whistleblowers with the knowledge to effectively combat whistleblower retaliation, avoid the pitfalls that can weaken a SOX whistleblower case, and formulate an effective strategy to obtain the maximum recovery.
Whistleblower attorney Dallas Hammer is a leading cybersecurity whistleblower attorney and has helped whistleblowers disclose significant wrongdoing concerning cybersecurity, information security, and data privacy. He has also written extensively about protections for cybersecurity whistleblowers, including the following publications:
Dallas Hammer was interviewed by Corporate Crime Reporter regarding the rise of cybersecurity whistleblowing.
Hammer explained that raising concerns about cybersecurity issues qualifies for protection under the Sarbanes-Oxley whistleblower law. He cited as an example the Prioleau whistleblower case: “That case is about an employee who raised cybersecurity concerns about two policies that contradicted each other. He raised those through his chain of command. He was ignored and experienced retaliation. The question was whether blowing the whistle on these cybersecurity issues qualified for protection under the Sarbanes-Oxley Act, which was originally passed with more of a focus on corporate and audit fraud. The Administrative Review Board of the Department of Labor found that such a disclosure was in fact protected.”
In the article, Hammer also discusses his substantial experience representing whistleblowers that have disclosed cybersecurity vulnerabilities and weaknesses in information technology internal controls. He noted that cybersecurity whistleblowers that he represented have disclosed important compliance issues in many industries: “What we have seen in other contexts — for example, fraud on the government in general — is that when people start to listen to whistleblowers, it does help fix the problem. It brings a new set of eyes — eyes that are in a position to know things that outside regulators do not know, that the public at large does not know. It helps fix the problem.”
Summary
We are a Washington, DC-based law firm that represents whistleblowers in whistleblower rewards and whistleblower retaliation matters and litigates discrimination claims on behalf of employees in the District of Columbia, Maryland, and Virginia. The firm is dedicated to zealously advocating on behalf of our clients to achieve justice and accountability.