Commission on Securities and Exchange Commission (SEC) has demanded from listed companies to disclose information about U.S. attacks.
The body regulating the securities market has given firms know that they can no longer hide the cyber-attacks if they can inflict financial damage to companies or to make financial information available to potential investors misinformation.
Here is the formal text of the manual:
Registrants should describe the risks of cyber security and incidents in their MD & A [analyzes the company's management performance and financial position] if costs or other effects associated with one or more well-known incident, and the risks of potential incidents can be a significant event to change the direction of development, and also if there is a likelihood that they will have a significant effect on the registrant’s results of operations, liquidity or financial condition or result to that reported financial information would not necessarily be an indicator of future performance or financial position.
The new leadership came at a time when more and more well-known and reliable companies are victims of cyber crime.
Senator Jay Rockefeller has asked SEC to issue guidance to help investors make more informed decisions on the basis of information received.
“Cyber ??criminals was stolen intellectual property worth billions of dollars, and investors at the same time kept in the dark. This guide will change everything” – a statement Rockefeller.
“This will allow the market to evaluate companies with the ability to ensure the security of their networks. We want to make an informed and knowledgeable consumer market, and with new leadership we will get it.”
A representative of the UK Financial Services Authority said that cyber attacks “will be included in our rules, which state that companies must disclose all material information.” Thus, there is little guidance on hacking, but that could affect the financial position of firms, should be disclosed.