May 17, 2011 4:31 PM | Posted by John Watkins
The Wall Street Journal recently reported that a group of U.S. lawmakers, including Senator Jay Rockefeller, Senate Commerce Committee Chair, is urging the Securities and Exchange Commission to issue guidance for companies on reporting when they have been the victim of a major cyber attack.
According to the article, the lawmakers want companies to report on trade secrets and intellectual property that may have been compromised in the attack.
The article further reported that a 2009 study by insurance underwriter Hiscox found that 38 percent of Fortune 500 companies made an oversight when they failed to report in public filings on the risks of data security breaches.
This report is not surprising in light of many recent high-profile cyber attacks and data breaches, including that of the Sony PlayStation Network. Prudent public company executives will want to review their internal requirements on security breaches. Ideally, this should include a review of security measures in place to thwart attacks, as well as disaster recovery procedures in the event of an attack. The WSJ article also highlights that companies should carefully review their SEC reporting requirements.
As readers of this blog know, I am not an expert in implementing information security and disaster recovery procedures. Readers needing guidance in this area should contact Roy Hadley or the other legal professionals in the firm. I am also not a securities regulatory lawyer.
My area of focus is litigation, including litigation that involves technology issues. I have observed trends and developments in business litigation for over 25 years. There are very few sure things in litigation, but one thing business can count on is plaintiffs’ lawyers following risks identified by lawmakers or regulators.
Companies should act to minimize their cyber risks before the regulator comes calling or the class action complaint is served.