Last week the SEC released a Disclosure Guidance Document on Cyber Security. The document was a direct response to the dependence on digital technologies and the increased risks associated with Cyber Security. While the SEC guidance was aimed at publicly traded companies, the information in and the existence of the document should raise eyebrows at any business.
An ounce of prevention truly is worth a pound of cure
The document contained extensive guidance for organizations including before, during and after a cyber security incident. Perhaps the most interesting suggestion in this particular document is the call to disclose risk:
Registrants should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.
This is something all businesses should be asking themselves, not based on guidance from the SEC or specific directives such as HIPAA but rather because it is the right thing to do. We as businesses are stewards of our clients critical information. In many cases prevention is less expensive than we might think and much less expensive than the liability associated with a failure to prevent a cyber security event.
In response to the extraordinary role that Cyber Security has played in our modern connected world Managed Solutions introduced a program called Secure Enterprise in 2002 to assist businesses with protecting critical enterprises of any size. You can join the conversation about Cyber Security on our Facebook page.