Hacked Companies Aren’t Reporting Cyber Risks

Posted on Feb 2 2012 - 3:03pm by Editorial Staff

According to Reuters, after review of 2000+ filings since SEC found some companies – including Internet Infrastructure giants – VeriSign Inc. and Credit Card and Debit Card Transaction processor – VeriFone Systems Inc., accounts for significantly “large and new” numbers of hacking incidents. Securities and Exchange Commission issued a lengthy “guidance” document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.

“It’s completely confusing to me why companies aren’t reporting cyber risks” if only to avoid SEC enforcement or private lawsuits, said Jacob Olcott, former counsel for the Senate Commerce committee. The chair of that committee, John D. Rockefeller, urged the SEC to act last year.

Stewart Baker, a corporate attorney and former assistant secretary of the Department of Homeland Security, said the SEC guidance was detailed enough that companies that know they have been hacked will “have to work pretty hard not to disclose something about the scope and risk of the intrusion.” Otherwise, “this is an opportunity for enforcement that practically hands the case to the SEC on a platter,” Baker said.

Cybersecurity has been on increase in United States. Security experts believe hackers are frequently targeting valuable digital information including strategic plans, blueprints and secret formulas – employee data likely was not the hackers’ target.

About the Author

Editorial Staff at I2Mag is a team of subject experts.