Policy

Rockefeller Asks SEC for Formal Cybersecurity Guidance

Sen. Says Companies Should Disclose Cybersecurity Readiness to Investors 4/10/2013 9:27 AM Eastern
 
Senate Commerce Committee chairman Jay Rockefeller (D-W. Va.) wants the Securities and Exchange Commission to tell companies to provide cybersecurity risk info to investors just as they would their readiness to manage financial, operational and other risks.

In a letter to new SEC chairman Mary Jo White, Rockefeller said investors "deserve to know whether companies are effectively addressing their cybersecurity risks" calling that info indispensable to efficient markets.

He wants the SEC to put out formal guidance to that effect, renewing a request he made of previous SEC chair Mary Schapiro.

Rockefeller also wants to ensure that those companies are making "significant investments in cybersecurity."

Current law requires publicly traded companies to disclose to investors "material" risks and events including network breaches, but Rockefeller has said that a "significant" number of companies are not doing so. He wants some "interpretative guidance" from SEC to clarify that responsibility.

While Rockefeller said the response to the Schapiro letter was staff-level guidance that was a step in the right direction, "given the growing significance of cybersecurity on investors' and stockholders' decisions, formal guidance from the Commission would signal to companies that cybersecurity efforts need to be taken seriously."

Rockefeller "strongly urged" White to make that formal guidance a priority.

September