Hacked Companies Still Not Alerting Investors
February 9, 2012 by admin
Filed under Around The Net
Comments Off on Hacked Companies Still Not Alerting Investors
At least a half-dozen major U.S. companies whose computer networks have been breached by cyber criminals or international spies have not admitted to the incidents despite new guidance from securities regulators urging such disclosures.
Top U.S. cybersecurity officials believe corporate hacking is widespread, and the Securities and Exchange Commission issued a lengthy “guidance” document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.
But with one full quarter having elapsed since the SEC request, some major companies that are known to have had significant digital security breaches have said nothing about the incidents in their regulatory filings.
Defense contractor Lockheed Martin Corp, for example, said last May that it had fended off a “significant and tenacious” cyber attack on its networks. But Lockheed’s most recent 10-Q quarterly filing, like its filing for the period that included the attack, does not even list hacking as a generic risk, let alone state that it has been targeted.
A Reuters review of more than 2,000 filings since the SEC guidance found some companies, including Internet infrastructure company VeriSign Inc and credit card and debit card transaction processor VeriFone Systems Inc, revealed significant new information about hacking incidents.
Yet the vast majority of companies addressing the issue only used new boilerplate language to describe a general risk. Some hacking victims did not even do that.
SEC Asks Companies To Disclose Attacks
Comments Off on SEC Asks Companies To Disclose Attacks
U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a trend of high-profile cyber crimes.
The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses.
Senator John Rockefeller had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings.
“Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything,” Rockefeller said in a statement.
“It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it,” Rockefeller said in a statement.
There is a growing sense of urgency about cyber security following breaches at Google Inc, Lockheed Martin Corp, the Pentagon’s No. 1 supplier, Citigroup, the International Monetary Fund and others.