Thursday, November 3, 2011

SEC Calls For Companies To Disclose Potential Hacker Infiltration

If there was any doubt that this is the year of the security breach, the SEC put it to rest earlier this month when it announced a decision to require publicly traded companies to disclose all security breaches and threats to identity protection. Citing the sheer volume of security breaches reported this year by such big names as Gucci and Sony, the SEC even requires companies to report when the "risk of potential incidents" becomes so high as to impact the bottom line.

Among the demands the SEC lists in its official statement, the new regulation calls for "discussion of aspects of the registrant's business or operations that give rise to material cybersecurity risks and the potential costs and consequences." The SEC also demands descriptions of cyber incidents and of potential security risks present in the company's IT framework. For example, companies not requiring work-from-home employees to use VPN services would have to alert shareholders through the SEC.

"For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them," Sen. John Rockefeller IV, chairman of the Senate Commerce committee said. "Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark."

High-profile breaches at companies like Gucci, Sony, Lockheed Martin, Yahoo, Google and Amazon have given rise to increased focus on private browsing and corporate VPN.