With the SEC pushing companies to come clean about their security breaches it will be rather interesting to see who comes clean in the coming months.
From Bloomberg:
Over the next three months, as publicly traded companies file 10-K’s, investors may see new admissions of corporate networks being hacked after the SEC said companies can’t continue to hold back the details of those incidents.
As cyberspies from China, Russia and other countries ransack the computer networks of one major U.S. and European firm after the next, the SEC in October offered its new interpretation of disclosure requirements as applied to cybercrime. The amount of information that’s forthcoming will depend on whether company lawyers determine the incidents had, or will have, a material effect on the enterprise.
The question that I have is what kind of penalties are associated (if at all) with failure to disclose if they have been hacked? There is one company in particular that I know was hacked last year and I know that they swept it under the rug. Would be very interested to see if they end up airing their dirty laundry.
“You will see an increased mention of cybersecurity risk- factor disclosure as a result of the SEC guidance,†said Amy L. Goodman, co-chairman of the securities regulation practice group at Gibson, Dunn & Crutcher LLP. “In terms of disclosure of actual cyberattacks, I think it’s too early to tell.â€
That could be a wild ride if disclosures start appearing in filings.
Source: Article Link
(Image used under CC from mlhradio)