Overseas Security Advisory Council: "SEC filings: Revenue, profit...cybersecurity?
from CNet on Friday, October 10, 2003
Publicly traded companies could be required to disclose whether they are doing anything to secure information on their computer systems, U.S. Office of Homeland Security Secretary Tom Ridge said Thursday.
Ridge said he had met with William Donaldson, chairman of the U.S. Securities and Exchange Commission, to discuss whether companies should be required to disclose cybersecurity efforts in their SEC filings. 'I think we need to talk about some kind of public disclosure: What are you doing about your security, physical and cybersecurity? Tell your shareholders, tell your employees, tell your communities within which you operate,' Ridge told the software industry trade group.
The government used a similar approach to encourage companies to fight the Year 2000 bug, or 'Y2K,' the worry that data could be lost when computers' internal clocks switched over to the year 2000.
While Y2K ultimately did little or no damage, computer systems have been ravaged in recent years by a string of hacker attacks, viruses and worms, and many security consultants say businesses are not taking online security seriously enough.
The Bush administration has largely shied away from requiring businesses to improve their cyberdefenses, opting instead to encourage better practices through voluntary measures.
The SEC was not immediately available for comment."