Slashdot Mirror

← Back to Stories (view on slashdot.org)

SEC Says Public Firms May Need To Disclose Cyberattacks

Posted by Soulskill on from the would-make-for-some-fun-news-days dept.

Trailrunner7 writes "The Securities and Exchange Commission has issued new guidance to help public companies determine when they may need to disclose an attack — or even a potential attack — in order to make potential investors aware of possible risks to the company's business. The guidance, which does not constitute a rule or requirement for companies to disclose, is meant to help registrants in 'assessing what, if any, disclosures should be provided about cybersecurity matters.'"

1 of 21 comments (clear)

  1. Re:Sure by chill · · Score: 4, Informative

    Potentially attacked means an incident occurred, but you aren't sure if it is a specific, targeted attack or just an incident of random infection.

    And yes, they do disclose this on their annual FISMA filings. You will also see the information in the annual Inspector General reports filed with Congress on every agency.

    --
    Learning HOW to think is more important than learning WHAT to think.