Block on Trump's Asylum Ban Upheld by Supreme Court
With companies being hacked virtually every day, the Securities and Exchange Commission released guidelines for them to take more security measures.
The Equifax cyberattack, in particular, pushed the agency to publish the new cybersecurity standards. The credit reporting agency failed to report a cyber breach that exposed about 145 million consumer records, even as some company executives sold off their shares before disclosing the breach.
The SEC guidelines emphasize the losses that come from cyberattacks, highlighting the duties companies have to protect consumers and shareholders. "Substantial costs" and "other negative consequences" include:
The agency outlined the losses, and then told companies what they have to do to prevent them.
"I urge public companies to examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives," said SEC Chairman Jay Clayton.
Companies cannot hide their cybersecurity issues, the commission said.
"[T]he Commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack," the report says.
Not all the commission members were happy with the report, saying it didn't go far enough. No one mentioned, however, that the SEC failed to disclose when it was hacked a year or so ago.