On October 16, the SEC issued a report on an investigation into whether nine public issuers that were victims of cyber-related frauds may have violated Sections 13(b)(2)(B)(i) and (iii) of the Exchange Act by failing to have a sufficient system of internal accounting controls to provide reasonable assurances that those frauds were detected and prevented. The issuers, which the SEC stated represent a variety of industries, were victims of two types of “business email compromise” scams that resulted in mostly unrecovered losses ranging from $1 million to over $45 million. While the SEC determined not to pursue enforcement actions against the issuers under investigation, it issued its report of investigation to make issuers aware that the cyber-related threats exist and concluded that all companies should re-assess the sufficiency not only of existing internal controls, but also of policies and procedures that ensure employee compliance with controls.