An Eerie Silence on Cybersecurity

[Commentary] Apart from a few companies like Google, which revealed that Chinese hackers had tried to read its users’ e-mail messages, American companies have been disturbingly silent about cyberattacks on their computer systems — apparently in fear that this disclosure will unnerve customers and shareholders and invite lawsuits and unwanted scrutiny from the government. In some cases, such silence might violate the legal obligations of publicly traded companies to share material information about their businesses. Most companies would tell investors if an important factory burned to the ground or thieves made off with hundreds of millions of dollars in cash. So why do they feel that the theft of trade secrets that are often much more valuable do not deserve to be discussed? Companies might argue that it’s hard to quantify the losses from cyberattacks, but that does not mean that they are costless. By keeping quiet, companies also make it more difficult for other businesses and the government to protect against similar attacks. Executives should understand that openly discussing threats helps everyone become more alert to risks, which would be in their own long-term interest.