The real-time exchange of intelligence between government agencies and private companies is becoming one of the hottest topics in data security. U.S. Securities and Exchange Commission Chairwoman Mary Jo White may want to take precautions a bit further than where they currently are, as she has asked her staff to review whether publicly traded companies should have to disclose more information about cyberattacks that occur on their networks.
In a letter to Senate Commerce Committee Chairman Jay Rockefeller, White said she wants a briefing of the of current cyber attack disclosure practices, as well as any recommendations that there might be for helping to improve this process. White's letter, dated for May 1, said guidance to companies have had a positive impact on informing the public of cyberthreats. This guidance asked publicly traded companies to tell investors of the threat and potential impact of cyberattacks that may have on operating capacity. She said staff is using information gathered to evaluate how this guidance has been working.
Thus far, a Bloomberg review of the filings said 27 of the largest U.S. companies have disclosed cyberattacks to the SEC this year and said there has been no major financial loss incurred. However, the news source said this differs from reports from government officials who said billions of dollars worth of corporate secrets were stolen.
Rockefeller said this letter shows that White and the SEC are trying to prioritize disclosure requirements.
"It's important for investors to understand whether companies are effectively addressing all forms of risk, from financial and operational to cyber, and this information is a key element in the legislation that the Senate is working on to strengthen our nation's cybersecurity," Rockefeller said.
In a letter from April of this year which Rockefeller sent to White, he said the SEC needed to look at the guidance at the commission level. While they have helped he believes they were still not sufficient for investors to learn the true value and costs of cyberthreats to these businesses. White has yet to say whether this guidance will be toughened, but Rockefeller wrote in an email to Bloomberg that her letter makes it clear that they will continue to monitor and manage the risks of cybersecurity. He believes this kind of data security information is imperative for companies and their investors to know about, which is why Senators are working hard on issues such as these.
Security News from SimplySecurity.com by Trend Micro