More companies reporting cybersecurity incidents

At least 19 financial institutions have disclosed to investors in recent weeks that their computers were targets of malicious cyber­assaults last year, a sign of growing openness among corporations about the breadth of cybersecurity incidents plaguing the private sector.

In their annual financial reports to the Securities and Exchange Commission, major banks such as Bank of America, Citi, Wells Fargo and JPMorgan Chase, along with smaller institutions, have reported that their systems were hit with computer disruptions or intrusions. Almost all reported that they were targeted in last year’s highly publicized “distributed denial of service attacks” (DDOS) — efforts to disrupt access to Web sites by barraging servers with computer traffic. The assaults, which are ongoing, made headlines in the fall when U.S. officials said they believed they were launched by the Iranian government in retaliation for sanctions imposed because of Tehran’s nuclear program. The disclosures are significant in that for years, companies, including banks, have been loath even to acknowledge that they have been victims of such incidents. But it appears that SEC guidance issued in October 2011 making clear that companies need to report significant computerized theft or disruption, combined with greater public attention to the issue, is forcing more disclosure. Also, the fact that the banks hit by the DDOS attacks have been named in media accounts has made ignoring them more difficult.


More companies reporting cybersecurity incidents