Companies deal with cyber vulnerabilities
Jun 14, 2013 1:27pm
Public companies are required to disclose risks to their business. Responding to Congressional pressure in 2011, the SEC highlighted cyber incidents as a category for future reporting. Since then we have seen a slow but steady increase in the number of reported incidents as well as the severity of the risk language.
The comments in current filings paint a vivid picture of corporate risk and provide considerable justification for increased investment in policy, practice and products to minimize exposure to cyber risk.
“Cybersecurity becomes an issue of global importance,” according to JP Morgan. Further, “Cybersecurity is a critical priority for the entire company, from the CEO on down. Cybersecurity is increasingly becoming more complex and more dangerous.”
Once burned, and even more vigilant today, EMC states “Cybersecurity breaches could expose us to liability, damage our reputation, compromise our ability to conduct business, require us to incur significant costs or otherwise adversely affect our financial results.”
Smaller is not safer in the cyber world. Here are a couple of examples showing the nature of risk events and the ongoing liabilities resulting from cyber incidents (click the links and scroll down to highlighted words):