SEC Says Public Firms May Need To Disclose Cyberattacks 21
Trailrunner7 writes "The Securities and Exchange Commission has issued new guidance to help public companies determine when they may need to disclose an attack — or even a potential attack — in order to make potential investors aware of possible risks to the company's business. The guidance, which does not constitute a rule or requirement for companies to disclose, is meant to help registrants in 'assessing what, if any, disclosures should be provided about cybersecurity matters.'"
Argh (Score:2, Interesting)
"In order to make potential investors aware of possible risks to the company's business"
Right, they won't do this for CUSTOMERS, but they have a change of opinion when it comes to INVESTORS.
Dear SEC, (Score:5, Interesting)
Dear SEC,
We connected our enterprise to the Internet in October 1992. Starting roughly two weeks from that time, we have been under continuous attack from various robots, disgruntled former employees, botnets, viruses, worms, and possibly space aliens. Honestly, we really don't even try to check on the origin of these attacks, we just tarpit them all.
Should you require more detail, we can arrange a real-time feed from our firewall systems, which are currently being attacked roughly every four seconds, just like every other network of our size in the entire world.
Please feel free to attempt to determine the source and purpose of these attacks, since clearly you are no longer interested in monitoring the world's business economy and thus helping ensuring a free and fair marketplace.
Sincerely,
--Any Large Internet-connected Business