The SEC has issued a voluntary guidance rule to all public companies asking them to disclose publicly any material cyber attacks that include “the theft of financial assets or intellectual property that may be very costly, disrupt their business or result in litigation or reputational damage,” according to an SEC disclosure issued October 13.
The SEC was responding to a formal request from Sen. Jay Rockefeller, Dem. of West Virginia, who is a ranking member of the Senate Commerce Committee.
“For years cyber risks material to investors unreported in spite of existing legal obligations to disclose them,” Rockefeller said last week. ” Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept in the dark.”