The Securities and Exchange Commission said publicly traded companies should disclose to investors the threat and potential impact of cyber attacks that pose a "specific and material" risk.

The SEC made its comments in a letter to Senator Jay Rockefeller, chairman of the Senate Commerce Committee, that was released Wednesday. Last month, Rockefeller and four other Democratic senators wrote a letter to SEC Chairman Mary Schapiro urging the agency to issue guidance on disclosure of data security risk, including "material network breaches," attacks that may result in the theft of intellectual property or trade secrets.

Federal securities law obliges public companies to disclose risks that a reasonable investor would consider important to an investment decision, the SEC said in its letter. Those disclosures may include reporting a prior cyber attack or the threat of a future attack, as well as the impact of a computer assault, the SEC said.

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
  • Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.