SEC Changes Disclosure Rules on Reporting Cyber Attacks

The U.S. Securities and Exchange Commission (SEC) released new guidelines on Thursday that require publicly traded companies to disclose when they are the victim of a security breach or cyber attack. The new guidelines are the result of members of Congress pressuring the watchdog agency to add them following several major cyber attacks earlier this year. Senator John Rockefeller is one of those lawmakers. The SEC said Thursday that if a cyber attack occurs and leads to losses, companies should disclose the losses or attempt to estimate what is reasonably possible in terms of financial impact.

“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement to Reuters.

The SEC said that, while it won't require companies to describe how they will protect themselves in the aftermath of a cyber attack, they do have to disclose the cost of fixing compromised networks, increased security costs, related lost revenues, losses related to losing customers, litigation costs, and possible costs related to a hit to their reputation.

This year, several major corporations and institutions have been hit with cyber attacks, including Sony, Google, Lockheed Martin, Citigroup, the International Monetary Fund and others.

You can read the new guidelines here.

Source: VentureBeat
