Whistling in the dark and trying to keep folks from seeing the egg on your face can be a tricky task. Some believe that is exactly what many major corporations are doing today when it comes to cybersecurity. We hear almost daily about security breaches and we wonder if our data is safe. Simultaneously, most companies seem to downplay the effects of these rampant attacks by saying it’s not as bad as it sounds (Chris Strohm, Eric Engleman, and Dave Michaels, “Cyber Attack? What Cyber Attack?” Bloomberg Businessweek, 4/15/13–4/21/13, pp. 40–41):
“Among the 27 largest U.S. companies reporting cyber attacks—including MetLife, Coca-Cola, and Honeywell International—almost all said there has been no material impact from computer breaches.” (p. 40)
In October 2011, the SEC declared companies had an obligation to announce any information on cyber attacks that could affect investors’ decisions about buying, selling, or holding stock. My, how the plot thickens! The problem here is:
“regulators want more information about cyber attacks, yet businesses don’t want to provide hackers with a road map to their networks.” (p. 40)
Given these conflicting priorities, knowing whom to believe becomes difficult. Oh well, perhaps it’s not as bad as it sounds. Perhaps it’s worse.