Skip to Main Content

Cyber Security and the SEC

Tuesday, March 19, 2013

According to data cited by the head of National Security Agency and U.S. Cyber Command, cyber attacks on U.S. computer networks rose 17-fold from 2009 to 2011.

With the increasing reliance on computer networks and digital data, companies will continue to see an increase in cyber risks, including cyber attacks.

In late 2011, the U.S. Securities and Exchange Commission’s (SEC) Division of Corporate Finance issued guidelines to make it clear that publicly traded companies must report cyber security incidents, or even when a company is at risk of an incident, to stockholders.

How Can Cyber Attacks Affect You?

Cyber attacks can result from deliberate attacks or unintentional events that include, but are not limited to the following:

  • Gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information
  • Corrupting data
  • Causing operational disruption.

Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as by causing denial-of-service attacks on websites. Cyber attacks may be carried out by third parties or insiders using a variety of techniques. These range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.

The objectives of cyber attacks vary widely and may include theft of financial assets, intellectual property or other sensitive information belonging to business owners, their customers or other business partners. Cyber attacks may also be directed at disrupting company operations or targeted at a firm’s business partners.

Security Breach Consequences

Those that fall victim to successful cyber attacks may incur substantial costs and suffer other negative consequences, including the following:

  • Remediation costs that may include liability for stolen assets or information and repairing system damage that may have been caused. Remediation costs may also include incentives offered to customers or other business partners in an effort to maintain the business relationships after an attack.
  • Increased cyber security protection costs that may include organizational changes, deploying additional personnel and protection technologies, training employees and engaging third-party experts and consultants
  • Lost revenues resulting from unauthorized use of proprietary information or the failure to retain or attract customers following an attack
  • Litigation
  • Reputational damage adversely affecting customer or investor confidence

Material posted on this website is for informational purposes only and does not constitute a legal opinion or medical advice. Contact your legal representative or medical professional for information specific to your legal or medical needs.

Get Started

Let Your Aspirations Set the Agenda

Grow with who you know. Reach out to us today and start the conversation, so you’re better protected and prepared for what comes next.

Talk to an Advisor

man looking left