« Hustler Publisher Sued for $20M By His Brother | Main | Groupon Files for Discounted IPO »

Should Companies Be Required to Disclose Cyber Attacks?

Lee/Bloomberg via Getty Images(NEW YORK) -- The Securities and Exchange Commission is now advising publicly traded companies such as Bank of America to disclose harmful cyber attacks as a part of their annual reporting procedure to federal regulators.

The SEC laid out guidance last week; the advisory coming out less than two weeks after Bank of America denied allegations of a cyber attack against its consumer website. The bank attributed the disruption in service to “high volume.”

 “This guidance fundamentally changes the way companies will address cybersecurity in the 21st century,” Sen. Jay Rockefeller, D-W.V., in a statement. “For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them.”

Under the old guidelines, companies were not obligated to disclose cyber attacks to investors because they did not technically constitute a material loss.  But many experts estimate that U.S. companies have already lost billions of dollars to foreign competitors in the form of intellectual property rights.

But some companies are choosing to ignore cyber threats out of financial hardship.  The computer security firm McAfee found that more than half of all companies surveyed in 2008 did not pursue investigations into a cyber incident because of cost.

Copyright 2011 ABC News Radio

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

ABC News Radio