The Wall Street Journal reported today that a group of U.S. lawmakers are pressing the Securities and Exchange Commission to make corporations, detail in their quarterly reports, any “material” cyber-attacks that they experience. The purpose of this required disclosure is to create more transparency amongst regular investors. The pressure is a result of the recent massive data breach by Sony, Corporation, who had to shutdown its Playstation network that was attacked by hackers.
A recent review of SEC disclosures found that companies who did report their information-security risks were inconsistent in the level of detail provided by the corporation. Lawmakers want to make firms disclose any “material material breach” (i.e. data theft or cyber-attack) that would affect the average investors decision to buy or sell stock.
The guidance that the lawmakers seek from the SEC might force more companies to rethink their data governance programs – if they even have one in place.