The Pressure Increases on Companies to Secure their Networks

  • By Andrew Deichler
  • Published: 8/20/2015
With massive data breaches hitting the news nearly every week, it is becoming clearer and clearer that businesses cannot afford to be negligent in their cyber defenses. Cybersecurity is already a top priority for corporate treasury and finance professionals, and it’s about to become even more important.

The U.S. Securities and Exchange Commission (SEC) may soon begin imposing penalties on companies who fail to disclose security breach information to shareholders, Politico reported. The federal agency is also getting closer to imposing sanctions on businesses that do not implement adequate security controls.

Sources told Politico that the SEC’s enforcement division has issued subpoenas and made informal inquiries into multiple companies, many of which are, unsurprisingly, retailers. Some cases are nearing formal action. The SEC is trying to determine how much shareholders need to know about cyberbreaches.

So far, the agency has dropped some investigations when companies argued that the data hacked was not material, and did not need to be reported to shareholders. Nevertheless, Brad Deflin, president and co-founder of Total Digital Security and a speaker at the recent CTC Corporate Treasurers Forum in Chicago, does not see the SEC backing off of this issue. “The U.S. government from President Obama down is intent on finding ways to establish an environment of collaboration and sharing of breach intel,” he said.

Furthermore, Deflin does not believe that the ultimate success of a particular breach, in terms of the material nature of the stolen data, is the only concern. “It is also about what it means for the potential of defending against the next attempt,” he noted. “I think the SEC would like to see an environment of defaulting toward reporting, and not too much second guessing. Breaches will happen and on some level will be understood as operating risk. Lack of preparedness and reporting on the other hand will be increasingly deemed as the greater fault than the breach.”

As Deflin explained in the latest issue of AFP Exchange, companies would be wise to take a new approach to shoring up cyber defenses. Corporate leadership needs to make an effort to integrate cybersecurity best practices into employees’ everyday lives. They need to focus on securing the perimeter environment, which consists of any location where information technology is not monitored by IT. Remote offices and branches, personal residences and vacation homes, mobile locations and public networks all make convenient backdoors into your company’s network.

IT can't solve the problem alone; partnership across the entire organization is essential. This is where treasury can play a key role, Deflin stressed. “Treasury knows where the assets are, who accesses them and how, and the department can be especially beneficial to a collaborative partnership with broad, organizational risk-control functions,” he explained.

Costly errors

Should the SEC begin imposing penalties for failing to provide shareholders with adequate information on breaches, as well as poor cyber defenses, companies could be paying out large sums of money. All that is on top of other losses they will likely suffer, such as the settlement Target just reached with Visa. According to The Wall Street Journal, the retailer has agreed to pay $67 million.

Target has also paid out $10 million to customers and is still working on a settlement with MasterCard. The retailer said in an SEC filing in February that it had a net breach cost of $162 million ($252 million total, partially offset by $100 million in insurance coverage with a $10 deductible).

Now, with the SEC possibly imposing penalties, it’s only going to get worse for companies being careless about cybersecurity. “The volume and scale of these numbers will only increase,” Deflin said.

Copyright © 2018 Association for Financial Professionals, Inc.
All rights reserved.