If you’re wondering if businesses, who’ve been targets of cybercrime, have been properly handling the fallout, you have company: The U.S. Securities and Exchange Commission.
- Did the businesses adequately protect data?
- Were investors properly notified about the breach’s impact?
One of the companies being investigated is Target Corp.
The SEC, historically, has concentrated on giving guidance to companies regarding disclosure of data-breach risks, and the SEC has traditionally also assisted with ensuring that financial companies were well-equipped against hackers.
But the SEC doesn’t like when there seems to be incomplete disclosures of the data breaches or some kind of perceived misleading information.
For example, Target didn’t disclose its breach until the day after it was first reported—by renowned security blogger Brian Krebs.
Just how much should companies say about breaches? This is being debated among regulators, corporate attorneys and activist investors.
Nevertheless, public companies owe it to investors to inform them of material compromises that could affect the investors’ decisions to sell or buy shares. A material attack, says the SEC, includes one that makes a company greatly boost what it spends on defenses, and one in which intellectual property is stolen.
Businesses in general would rather keep silent about breaches to avoid negative fallout. At the same time, it’s not easy to come up with evidence that a business should have disclosed more about a data breach than it actually did. A stolen trade secret, even, won’t necessarily be harmful to a big company’s growth or profits. The interpretation here varies almost as much as the different kinds of cyber attacks do.
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Cyber Security Insurance Difficult for Business to Navigate
Cyber insurance is now booming, with about 50 carriers in the industry. An increasing number of companies have cyber insurance to protect against cyber crime. However, businesses claim it’s not easy to get adequate coverage. Losses from data breaches are difficult to quantify. The tangible losses are more easily insured, says a New York Times online
- Post-Data Breach Reputation Building
You WILL be hacked. Remember that mantra if you’re a business. Business leaders need to realize the effect that a data breach would have on customers and clients—an aftermath of distrust which can take a lot of time and money to rebuild. Interactions is a customer experience marketing group that released a study called “Retail’s Reality:
- Data Breaches Equal Job Loss
Is it coincidence that Beth Jacob CIO resigned from her job as chief information officer of Target Corporation? Or could this possibly be connected to the data breach that slammed Target in December of 2013, affecting as many as 70 million customers? Being a CIO is no easy task, especially when you have thousands of
- Cloud Data Breaches mo’ Money
IT people need to beef up their opinions about cloud security, says a recent report by the Ponemon Institute called “Data Breach: The Cloud Multiplier Effect.” Yes, data breaches occur in the cloud. In fact, it can be triple the cost of a data breach involving a brick and mortar medium. The report put together data from
- Credit Card Theft increasing for Banks and Retailers
2013 was the year of 740 million records involving data breaches. And that number may be erring quite on the conservative side, according to the Online Trust Alliance. The records come from a list on the Privacy Rights Clearinghouse Chronology Data Base. The list is that of publically disclosed breaches, including the alleged 110 million that struck