Although it is not news that companies are often the targets of hackers, what might be news is the Securities and Exchange Commission's recent push for disclosure. From a public relations and an investor relations perspective, such disclosures have merit. Linda Sandler explains the rationale ("The SEC Says Speak Up About Hack Attacks," Bloomberg Businessweek, 9/10/12-9/16/12, pp. 49-50):
The SEC doesn't have the authority to order companies to spend money on security controls. What it can do is make them report cyber-risks so potential investors are aware of the problems. Under securities law, companies must disclose material information, meaning data that might influence investors' decisions. (p. 50)
Increasing numbers of companies have received letters from the SEC about this concern, including Google, Amazon, American International Group, Hartford Financial Services, Eastman Chemical, and Quest Diagnostics. I suspect this new emphasis will motivate many companies to enhance their cybersecurity. If you can lock down your IT systems more effectively today, then you greatly reduce the risk of having to publicize an embarrassing hacker victory tomorrow.
Although the need for increased scrutiny is unfortunate, happily, it generates some very positive outcomes with respect to public relations and investor relations. If I'm doing business with a company or investing in that company, I want to know it is running a tight ship. Improved cybersecurity accomplishes that.
Finally, when those painful and embarrassing hacks do happen, full disclosure at least keeps customers, partners, and investors in the loop. Then everyone is free to move ahead with the benefit of full knowledge.