Public companies that are victims of cyber attacks should consider disclosing additional information beyond what's required to help protect customers whose private data could be at risk, a top U.S. regulator said Tuesday. U.S. Securities and Exchange Commission member Luis Aguilar made his plea to public companies and their boards in a speech at the New York Stock Exchange.
"I would encourage companies to go beyond the impact on the company and to also consider the impact on others," Aguilar, stated. "It is possible that a cyber-attack may not have a direct material adverse impact on the company itself, but that a loss of customers' personal and financial data could have devastating effects on the lives of the company's customers and many Americans. In such cases, the right thing to do is to give these victims a heads-up so that they can protect themselves." Read More >
Should ad networks and others have the same reporting requirements? I suggest it should apply to all cyberattacks where end user information is compromised or enduser machines are potentially compromised including ad networks, publishers, mobile app platforms and others.