Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers

Cyber-Info Sharing by Firms Isn’t Antitrust Violation

U.S. antitrust officials won’t pursue claims against companies for sharing information about cyberthreats, removing a potential obstacle to defending against attacks.

Information-sharing about cyberthreats can be done lawfully as long as companies aren’t discussing competitive information such as pricing, the Justice Department and Federal Trade Commission said in a joint statement today.

“This is an antitrust no-brainer,” Bill Baer, the head of the Justice Department’s antitrust division, said. “Companies who engage in properly designed cyberthreat information sharing will not run afoul of the antitrust laws.”

The proportion of companies reporting losses of $10 million or more as a result of cybersecurity incidents has risen 51 percent since 2011, according to a survey last year of 9,600 executives in 115 countries by PricewaterhouseCoopers LLP. About 7 percent of respondents said they had suffered such losses.

“Companies have told us that concerns about antitrust liability has been a barrier to being able to openly share cyberthreat information,” said Deputy Attorney General James Cole. “Antitrust concerns should not get in the way of sharing cybersecurity information.”

The U.S. Securities and Exchange Commission is reviewing how companies disclose cyberthreats to investors in public filings. Businesses including Target Corp., from which hackers stole payment-card data for millions of shoppers in December, are required to disclose such threats when the information would affect an investor’s willingness to own the company’s shares.

Companies aren’t required by the SEC to disclose all cyber-attacks, though the regulator routinely reviews how incidents are described in annual reports. Some lawmakers, including Senator Jay Rockefeller, a West Virginia Democrat, have asked the agency to consider making the disclosures mandatory.

Please upgrade your Browser

Your browser is out-of-date. Please download one of these excellent browsers:

Chrome, Firefox, Safari, Opera or Internet Explorer.