October 14, 2011 - A rash of cyber security breaches at U.S. public companies and an outcry from federal lawmakers has prompted U.S. securities regulators to issue guidance for when companies must disclose cyber attacks to investors.
The guidance, posted late on Thursday by the U.S. Securities and Exchange Commission, lays out examples of things that companies may be required to disclose. The guidance comes after Senator John Rockefeller asked the SEC to issue it amid concern that companies were failing to mention data breaches in public filings. The SEC said that if a cyber event occurs and leads to losses, then companies should "provide certain disclosures of losses that are at least reasonably possible."