The US Securities and Exchange Commission will take no action against nine public companies that lost $100 million through email fraud, but warned that regulated companies may need to reassess their accounting controls in light of emerging cyber risks.