Feeds

Big biz told to reveal hack attacks

Investors need to know about compromises, says SEC

Choosing a cloud hosting partner with confidence

Publicly listed companies in the US have been asked to disclose when they've been hacked, according to new guidance issued by the Securities and Exchange Commission.

The market regulator has let firms know that they can no longer hide cyber attacks if that attack could cause financial damage to the company or make the financial information available to potential investors misleading.

Here's the formal language on the guidance:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.

The new guidelines come at a time that more and more prominent and trusted companies become the victims of cybercrime.

Just this week, Sony warned users about a massive brute-force attack against PlayStation and Sony network accounts, of which 93,000 were compromised. And that came just a few months after the whole PlayStation network had to be shut down after a hack attack.

More worryingly, major bank Citigroup was breached in June and the data of 360,000 accounts was exposed.

High-profile hacks like these and the cyber attacks on Google, the US Air Force and the International Monetary Fund have got mere punters worried about security, but the poor old investors are even more concerned because they might lose some money by buying shares in cyber-vulnerable companies.

US Senator Jay Rockefeller had asked the SEC to issue the guidelines to help investors make more informed decisions.

"Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything," Rockefeller said in a statement, according to Reuters.

"It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it."

A spokesperson for the Financial Services Authority in the UK told The Register that cyber attacks "would come under our listing rules, which state that companies have to disclose material information". So there's no specific guidance on hacks, but anything that might affect a firm's financials should be disclosed. ®

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.