
SEC demands cyber security disclosure


US financial markets regulator says data breaches affect investment


Public companies may need to look more closely at their exposure to cyberattacks after new guidelines were released this week by the US regulator the Securities and Exchange Commission (SEC).

The guidelines, from the SEC's division of corporation finance, aim to help companies determine when they need to disclose cyberattacks or the amount of risk they pose to a business.

In general, public companies in the US are required to disclose incidents that could have a material impact on their business. While the current regulations don't specifically mention cyberattacks, the new guidelines say they need to be reported in some cases.

Companies should disclose the risk of cyber-incidents "if these issues are among the most significant factors that make an investment in the company speculative or risky," say the new guidelines.

To determine that, companies need to look at factors such as how likely it is they will be targeted by an attack and what the cost of an attack might be, in terms of disruption to operations or loss of sensitive data.

They may also be required to give details about hacking incidents that took place in the past.

"For example, if a registrant experienced a material cyberattack in which malware was embedded in its systems and customer data was compromised, it likely would not be sufficient for the registrant to disclose that there is a risk that such an attack may occur." Instead, they would probably be required to reveal specifics of the incident, the SEC said.

The guidelines come in a year that has seen numerous high-profile hacking incidents, including a massive attack on Sony that forced it to take its PlayStation Network offline for more than a month.

The risk of cyberattacks has always been a potential disclosure issue, but the SEC guidance "really highlights the issue and brings it to the fore," according to David Navetta, a founding partner of Information Law Group, which provides legal services related to IT matters.

Even so, he wrote in a company blog post, "materiality is still going to be a big issue, and not every breach will need to be reported as many/most will not likely involve the potential for a material impact to a company."

One interpretation of the guidelines is that "companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security," Navetta wrote.

"This analysis will go well beyond privacy-related security issues where most companies have focused (due to various privacy laws and regulator activity), and implicate key operational issues impacted by security breaches," he said.
