Signals from the U.S. Securities and Exchange Commission over how seriously it takes cybersecurity, combined with a Supreme Court ruling on whistleblower protections, are putting pressure on companies to be more careful about how they deal with potential tipsters, lawyers say.
The securities regulator issued guidance in February on how companies should handle cybersecurity issues. In April it fined Altaba Inc., formerly Yahoo Inc., $35 million over its handling of a 2014 hack, marking the first time the SEC penalized the victim of a breach.
“It’s going to incentivize people inside an organization to step forward and disclose,” said Brian Mahany, a whistleblower lawyer and founder of Mahany Law LLC. “I think the SEC is saying to companies, ‘We’re taking this seriously. You take it seriously.’”
Two of the five SEC commissioners—Kara Stein and Robert Jackson Jr.—said after the guidance was released that the agency hasn’t gone far enough, a sign of pressure from the top to deal with cybersecurity concerns.