Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request

Bloomberg

Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.

Company

Financial Products

Enterprise Products

Media

Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000

Communications

Industry Products

Media Services

Follow Us

Bloomberg Customers

SEC Urges Disclosure of Hacker Threats in Public Company Filings

Publicly traded companies should disclose real or potential cyber attacks capable of disrupting business operations or financial stability, the U.S. Securities and Exchange Commission said.

Under guidance issued yesterday by the agency’s division of corporation finance, the SEC said financial statements should address the threat posed by hackers if a network breach is “reasonably likely” to have a material effect on a company, including the theft of intellectual property or increased security costs.

“This guidance fundamentally changes the way companies will address cybersecurity in the 21st century,” Senator Jay Rockefeller, a West Virginia Democrat, said in a news release. Rockefeller and four other senators wrote to SEC Chairman Mary Schapiro on May 11 urging the agency to issue recommendations regarding corporate disclosure of cybersecurity risk.

Data breaches at Sony Corp., Citigroup Inc. and other companies have sharpened U.S. government scrutiny of how businesses safeguard consumer information and respond to cyber attacks. The Obama administration on May 12 sent Congress a proposal that called for shielding banks, power grids and government computers, creating a uniform data-breach notification law and requiring owners of critical systems to develop network-security plans.

“For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them,” Rockefeller, chairman of the Senate Commerce Committee, said. “Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark.”

Cybersecurity Legislation

A House Republican task force led by William “Mac” Thornberry of Texas released recommendations for boosting the nation’s cybersecurity that emphasize voluntary industry incentives. Senate Majority Leader Harry Reid, a Nevada Democrat, is compiling comprehensive cybersecurity legislation.

In its guidance, the SEC said it recognizes concerns that “detailed disclosures” may give hackers a road map to infiltrate corporate networks, and said such disclosures are not required under federal securities law. The agency also cautioned companies to avoid generic “boilerplate” disclosures and instead provide “sufficient” information to “allow investors to appreciate the nature of the risks.”

SEC spokesman John Nester declined to comment beyond the agency’s guidance.

Please upgrade your Browser

Your browser is out-of-date. Please download one of these excellent browsers:

Chrome, Firefox, Safari, Opera or Internet Explorer.