Newspaper article Pittsburgh Post-Gazette (Pittsburgh, PA)

Cyber Risks Grow, but Companies Hesitate to Disclose Much

Newspaper article Pittsburgh Post-Gazette (Pittsburgh, PA)

Cyber Risks Grow, but Companies Hesitate to Disclose Much

Article excerpt

Headlines are constant reminders of the havoc that cybersecurity breaches cause. Investors are among the victims.

"It's become a weekly occurrence and that's certainly not lost on investors," said David Jaffe, a business transactions attorney in the Pittsburgh office of Fox Rothschild.

Mr. Jaffe said understanding companies' cybersecurity risks is an emerging priority for institutional investors.

The U.S. Securities and Exchange Commission requires companies to disclose "timely, comprehensive and accurate information ... that a reasonable investor would consider important to an investment decision," according to cybersecurity-related guidance the agency gave in 2011.

SEC officials said if cybersecurity issues are among the biggest factors that make investing in a public company risky or speculative, investors should be informed of those risks. But companies don't have to provide information that would compromise security, SEC officials said.

Several Pittsburgh companies disclosed cybersecurity risk last year after federal prosecutors indicted five members of the Chinese military for hacking Allegheny Technologies, U.S. Steel, Westinghouse and Alcoa as well as the United Steelworkers union. The indictment alleged the crimes included obtaining 7,000 passwords of Allegheny Technologies employees and breaching U.S. Steel's system.

In its next quarterly SEC filing, Allegheny Technologies acknowledged cybersecurity risks and said that, despite its best efforts, "Our facilities and our systems and those of our third- party service providers may be vulnerable to security breaches."

U.S. Steel's next quarterly SEC filing mentioned the indictment and disclosed that the company "has experienced cyber security attacks."

"Based on information known to date, the company is currently unable to determine the materiality, if any, of these events," U.S. Steel disclosed.

Alcoa's 2014 annual report stated it had been the victim of hackers, but the incidents did not have a material impact on finances or operations. "Due to the evolving nature of cybersecurity threats, the scope and impact of any future incident cannot be predicted," Alcoa said. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.