The measure for protecting exposed data to be analyzed as well

Jul 3, 2014 14:40 GMT  ·  By

A number of companies that have been victims of cyber-attacks are on the Securities and Exchange Commission’s radar in an investigation regarding the process of informing investors of the breach and its impact.

The examination will also look into the efforts taken by the firms to protect the information on their systems, which has been exposed to the intruders.

According to San Francisco Chronicle, Target Corp. is on the list of companies to be investigated by SEC because of last year’s breach that provided hackers access to credit and debit card information of 40 million customers.

At the moment, there isn’t a final requirement public companies have to comply with when their systems are breached, but they have to inform investors about the material events that have the potential to influence stock trading decisions.

Luis Aguilar, a member of the Securities and Exchange Commission, expressed his opinion that public companies should disclose additional information in the event of a cyber-incident.

The reason is that the information exposed to the attacker may consist of private customer information, which may not have a significant impact on the company itself.

It is a known fact that most companies prefer to keep information about such events a secret, to prevent lawsuits from individuals who have been affected.

However, major security incidents cannot be covered for too long because cybercriminals do not waste time when it comes to capitalizing on the information they have and start raking in the money as soon as they can.

Large companies are attacked on a frequent basis, and most of the time, the importance of the attacks is negligible. But admitting every minor event can hurt their reputation, which may affect it in the long run.

SEC is aware of the increased frequency of cyber-intrusions targeting public companies and that they grow in complexity and can have serious effects on the economy, the consumers, and on the markets and investors the Commission has to safeguard.

Back in March, Commissioner Luis A. Aguilar said in a public statement that “SEC must play a role in this area. What is less clear is what that role should be.”

“With regard to the public company discussion, I am particularly interested in hearing whether the current disclosure regime under the 2011 guidance is working or how it could be improved,” he added.

By starting to investigate how hacked companies protected their assets and the details disclosed to customers and partners, the Commission can create regulations designed to protect the affected parties in the future.