Goldman Sachs, Citigroup warn on cyber threats
Corporate disclosure of cyber threats and cyber breaches has sparked a great debate across the stock market, which I've discussed over on FierceComplianceIT.
As of now, there's a lot of varying opinion as how banks and other companies should approach these issues. While there have been some directives from the SEC, such as CF Disclosure Guidance: Topic #2 in October 2011, companies still have great leeway in determining what constitutes something that is material enough to be formally disclosed.
The issue cropped up again in the context of the recently issued Executive Order on cyber security. Now comes news that Goldman Sachs and Citigroup have recently joined a crop of other banks in offering more disclosure in their financial statements.
As noted by Bloomberg, both banks recently warned that "online and mobile banking give new points of entry that can be used to disrupt or penetrate operations…The companies said they're vulnerable to tactics that overload websites to shut off public access, such as assaults that disrupted the nation's largest lenders late last year."
Other financial services companies that have warned similarly include Wells Fargo, U.S. Bank and MasterCard.
More companies are likely to issue such warnings, if only to help hold off litigation in the event that their assets are compromised. It's hard to fault companies for determining that the threats are now material enough to warrant discussion in formal risk portions of financial statements.
At the same time, the downside is that these sorts of warnings become so common and similar that they lose effectiveness. Perhaps that's inevitable. As of now, for better or worse, we're heading for a day when such breaches become a mere cost of doing business by banks.
- here's the article