Data Breach Disclosure an Area of Contention

This past October, the Securities and Exchange Commission (SEC) issued new rules on what corporations are expected to do in the event of a data breach to their network — report the breech to the SEC. However, many companies are reluctant to do this because of any perceived weakness in network security by the public, which can potentially lead to reduced shareholder confidence and damage the company’s reputation.

Even worse, indications are that the hacking of corporate resources is a common and widespread occurrence, costing the companies subjected to such cyber attacks and their consumers literally billions of dollars a year. It is fear of revenue loss that fuels non-compliance to new SEC rules, for the most part, and until the stigma of having your digital assets hacked can be lessened, chances are that reporting will continue to be low.

With nearly 40% of Fortune 500 companies and corporations failing to report cyber attacks on their systems, this is an ongoing problem. By requiring companies to disclose such losses, the real concern is that companies could be sued by their shareholders for revealing too little about their preparedness and how open they might be to attack, especially if they suffer losses at a later date. On the other hand, revealing too much could facilitate attacks, as cyber criminals might use such admissions to help design their attacks to thwart available company security measures.

What’s worse is that some companies are unaware that their sensitive data has even been compromised. Inadequate protection, especially against such cyber attacks, called advanced persistent threats by experts, means the realization that a company’s secrets and data could be compromised and that the company wouldn’t know until much later, if it ever found out at all.

This has led to a general air of trying to hide such breaches from customers in an attempt to save face, keep such information from leading to a loss of profits, and even avoid costly litigation.

For more information about the SEC requirements and responses by businesses, visit: