SEC asks companies to disclose cyberattacks

WASHINGTON (Reuters)—U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes.

The U.S. Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses.

Sen. John Rockefeller, D-W.Va., had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings.

"Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything," Sen. Rockefeller said in a statement.

"It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it," Sen. Rockefeller said in a statement.

There is a growing sense of urgency about cybersecurity following breaches at Google Inc., Lockheed Martin Corp.—the Pentagon's No. 1 supplier—Citigroup, the International Monetary Fund and others.

Tom Kellermann, chief technology officer of security firm AirPatrol Corp., said that the SEC guidance tells companies to report cyber attacks and disclose steps to remediate problems.

"They must also incorporate cyber events into their material risk reports," said Mr. Kellermann, who has advised U.S. President Obama on cyber policy.

The SEC gets into specifics, telling companies what type of data they might need to provide investors.

"Examples of estimates that may be affected by cyber incidents include estimates of warranty liability, allowances for product returns, capitalized software costs, inventory, litigation, and deferred revenue," it says.

The document can be accessed on the SEC's website.

A report out earlier this month found that U.S. banks are losing ground in the battle to combat credit and debit card fraud because they balk at the expense of higher security. Globally, however, security is improving in the payment industry, according to data from The Nilson Report, a California trade publication.

There is some hope of U.S. legislation to address the problem, although the House of Representatives appears more interested in tackling it piecemeal while the Senate is opting for a more far-reaching approach.

Most of the concern has been focused on critical facilities like nuclear power, electricity, chemical and water treatment plants.