Thursday, February 2, 2012

Many Companies Under-report Cybersecurity Threats

On October 13, 2012, the Securities and Exchange Commission issued guidance detailing how and when companies with publicly traded stocks and bonds should report hacking incidents and cybersecurity risks. Reuters has examined over 2,000 SEC filings and found a few specific disclosures. "Yet the vast majority of companies addressing the issue only used new boilerplate language to describe a general risk. Some hacking victims did not even do that," Joseph Menn of Reuters reports.

Under-reporting cybersecurity threats can be dangerous to the corporation that keeps quiet. "This is an opportunity for enforcement that practically hands the case to the SEC on a platter," said Stewart Baker, a corporate attorney and formerly an assistant secretary of the Department of Homeland Security.

Defense contractors, known to be common targets of hackers, have done little in terms of reporting the threats they have dealt with.

Reuters reports:

"But security experts in and out of government have complained for years that most companies don't disclose even very successful hacking attacks, because they never find out about them or simply don't want to spook investors, customers or business partners.

"The U.S. National Counterintelligence Executive, in a landmark November report that openly accused China of sponsoring military and economic cyber espionage, said that it is hard for companies to estimate the impact of losses that might not be apparent for years."

Much more at:

http://news.yahoo.com/exclusive-hacked-companies-still-not-telling-investors-120436852.html
