SEC Is Pressed on Firms' Disclosures of Cyberattacks

A group of lawmakers wants the Securities and Exchange Commission to push companies to disclose when they have fallen victim to cyberattacks.

Three weeks after Sony was forced to shut down its PlayStation network by hackers who stole users' information, the group, which includes Senate Commerce Committee Chairman Jay Rockefeller (D-WV), sent a letter to the SEC asking it to issue guidance stating that companies must report when they have suffered a major network attack and disclose details on intellectual property or trade secrets that hackers may have stolen. The SEC guidance should also clarify that existing corporate-risk disclosure requirements compel companies to disclose if they are vulnerable to cyberattacks, the five lawmakers, all Senate Democrats, said. "In light of the growing threat and the national security and economic ramifications of successful attacks against American businesses, it is essential that corporate leaders know their responsibility for managing and disclosing information security risk," the lawmakers wrote to SEC Chairman Mary Schapiro.