October 18, 2011 4:24 PM | Posted by Roy Hadley
Reuters is reporting that the United States Securities and Exchange Commission has formally asked public companies to disclose cyber attacks against them. This is the first such request by the SEC to public companies. The SEC issued guidelines last Thursday that set forth the new information that all public companies should disclose. This request follows a series of high-profile cyber attacks and other internet crimes.
According to the Reuters article, the SEC has asked for very specific information including “examples of estimates that may be affected by cyber incidents includ[ing] estimates of warranty liability, allowances for product returns, capitalized software costs, inventory, litigation and deferred revenue.”
Clearly, cyber security is becoming a high-profile item, as evidenced by this recent requirement by the SEC. All companies, both public and private, should evaluate their cyber security protocols and procedures and adjust them as necessary to deal with the increasing threats. You can read the rest of the Reuters article here:
http://newsandinsight.thomsonreuters.com/Legal/News/2011/10_-_October/SEC_asks_companies_to_disclose_cyber_attacks/
May 17, 2011 4:31 PM | Posted by John Watkins
The Wall Street Journal recently reported that a group of U.S. lawmakers, including Senator Jay Rockefeller, Senate Commerce Committee Chair, is urging the Securities and Exchange Commission to issue guidance for companies for reporting when they have been the victim of a major cyber attack. According to the article, the lawmakers want companies to report on trade secrets and intellectual property that may have been compromised in the attack. The article further reported that a 2009 study by insurance underwriter Hiscox found that 38 percent of Fortune 500 companies made an oversight when they failed to report in public filings on the risks of data security breaches. This report is not surprising in light of many recent high-profile cyber attacks and data breaches, including that of the Sony PlayStation Network.
Prudent public company executives will want to review their internal requirements on security breaches. Ideally, this should include a review of security measures in place to thwart attacks, as well as disaster recovery procedures in the event of an attack. The WSJ article also highlights that companies should carefully review their SEC reporting requirements.
As readers of this blog know, I am not an expert in implementing information security and disaster recovery procedures. Readers needing guidance in this area should contact Roy Hadley or the other legal professionals in the firm. I am also not a securities regulatory lawyer. My area of focus is in litigation, including litigation that involves technology issues. I have observed trends and developments in business litigation for over 25 years. There are very few sure things in litigation, but one thing business can count on is plaintiffs’ lawyers following risks identified by lawmakers or regulators. Companies should act to minimize their cyber risks before the regulator comes calling or the class action complaint is served.