{"id":2270,"date":"2013-04-04T00:00:00","date_gmt":"2013-04-04T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/04\/04\/cyberattacks-abound-yet-companies-tell-sec-losses-are-few\/"},"modified":"2021-12-30T11:40:58","modified_gmt":"2021-12-30T11:40:58","slug":"cyberattacks-abound-yet-companies-tell-sec-losses-are-few","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/04\/04\/cyberattacks-abound-yet-companies-tell-sec-losses-are-few\/","title":{"rendered":"Cyberattacks Abound Yet Companies Tell SEC Losses Are Few"},"content":{"rendered":"

  The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen. MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. \u201cThere is a clear discrepancy between what companies are reporting to their stockholders and what they\u2019re declaring to policy makers,\u201d said Sascha Meinrath, vice president of the New America Foundation, a Washington-based policy group.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

After a wave of cyber attacks hit a Federal Reserve website, the New York Times and other news outlets, and U.S. banks, President Barack Obama issued an executive order in February to better protect businesses and critical assets, such as pipelines and power grids.<\/p>\n

The SEC issued guidance in October 2011 telling companies to disclose cyber attacks or risks if that information is material, meaning it would affect an investor\u2019s willingness to buy, hold, or sell the company\u2019s stock.<\/p>\n

<\/p>\n

\u201cFor the sake of investors, the SEC needs to figure out a way of enforcing the appropriate disclosure of material cyber attacks,\u201d said Jacob Olcott, who led a congressional review as counsel to Senator Jay Rockefeller, a West Virginia Democrat, that resulted in the SEC guidance.<\/p>\n

<\/p>\n

Cyber attacks are more likely to be material for some companies than others, Brian Lane, a former SEC corporation finance director, said in an interview.<\/p>\n

<\/p>\n

Almost all of the top 100 U.S. companies by revenue said they rely on technology that may be vulnerable to security breaches, theft of proprietary data and disrupted operations, according to a review of their most recent annual reports.<\/p>\n

<\/p>\n

ConocoPhillips, one of at least six major U.S. and European energy companies reported by Bloomberg to have been breached by China-based hackers beginning in 2009, said in its 2012 annual report no cyber breaches \u201chad a material effect.\u201d<\/p>\n

<\/p>\n

Coca-Cola acknowledged its \u201cinformation systems are a target of attacks,\u201d in its 10-K and said the disruptions \u201cto date have not had a material effect on our business, financial condition or results of operations.\u201d<\/p>\n

<\/p>\n

If a company doesn\u2019t disclose an attack in an SEC filing that was reported in the news media, \u201cdon\u2019t be surprised if we ask you to provide us with a materiality analysis,\u201d Jim Lopez, an SEC branch chief for disclosure operations, said at a Washington conference in February.<\/p>\n

<\/p>\n

While Verizon said in its 2012 10-K the cyber attacks it experienced haven\u2019t been material, the company said the potential costs of a major assault include \u201cexpensive incentives\u201d to keep customers, a jump in security spending, lost revenue and damage to the company\u2019s reputation.<\/p>\n

\nLink: http:\/\/www.bloomberg.com\/news\/2013-04-04\/cyberattacks-abound-yet-companies-tell-sec-losses-are-few.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2270","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2270"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2270\/revisions"}],"predecessor-version":[{"id":4757,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2270\/revisions\/4757"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}