US politicians call for greater cyber-attack disclosure
Five senators have called on the Securities and Exchange Commission to mandate disclosure of major cyber attacks
A group of US senators has written to the country's stock exchange regulator calling for tougher rules on the disclosure of cyber attacks.
The senators want the Securities and Exchange Commission to oblige publicly listed companies to tell the market if they suffer a "material network breach," the Wall Street Journal reports, and to disclose what data or intellectual property might have been stolen.
"In light of the growing threat and the national security and economic ramifications of successful attacks against American businesses, it is essential that corporate leaders know their responsibility for managing and disclosing information security risk," the five senators wrote in their letter.
Should the SEC heed their call, it would greatly increase the chances of a similar law being introduced in the UK.
In a recent interview with Information Age, UK security company Detica's technical director Henry Harrison bemoaned an "information gap" in the market that prevents organisations realising the scale of the issue. "Most of the stuff that is going on out there isn't being reported, either because it isn't being detected or because the victims don't want to talk about it," he said.
The state of California already has a law obliging companies to tell customers when they have suffered a data breach.