Increased cyber breach disclosure requirements will be positive not only for cybersecurity, but also for corporate profitability

Summary

SolarWinds fallout continues as US Senate Intelligence Committee Chairman Mark Warner says that Congress will revisit the issue of whether to require companies to disclose cyber breaches. Previous attempts by the government to require notification were reportedly blocked by private sector lobbying. But the scale and damage of the SolarWinds hack—and the fact that, had FireEye not disclosed the breach, the damage would likely have continued to grow—mean that it will be far more difficult for opponents of disclosure to keep blocking this type of legislation.

Report

Analysis

The trend towards stricter disclosure requirements is welcome. Senator Warner’s comments come only a few days after the US Comptroller of the Currency, Federal Reserve and Federal Deposit Insurance Corporation proposed a new rule requiring a much greater level of disclosure by banks that experience a breach (current rules allow banks to decide whether a breach is material enough to require disclosure).

It is reasonable to expect that these disclosure requirements would lead C‑Suites and boards of directors to place an even higher priority on implementing stronger cybersecurity measures, in part due to their desire to avoid the embarrassment that comes with public reporting. However, it would be a mistake for them to view this simply as an onerous bureaucratic measure, as Cyberhedge research shows that companies with sector-leading cyber governance are rewarded with stronger financial and share price performance. This is because, in our increasingly digitized world, an increased focus on cyber governance goes hand in hand with better and more effective Digital Transformation strategies.

Far from being an added ‘cost’ that will have a net negative impact on a company’s finances, increased disclosure will instead lead to better outcomes both at the individual company level and at a macro‑level, similar to what followed the establishment of the Federal Aviation Administration (FAA). The FAA’s intense focus on investigating and improving airplane safety led to far fewer safety incidents and, as a result, an increase in air travel and accelerated growth of the airline industry.


What are the Cyberhedge Cyber Governance Indices?

These first-ever benchmarks prove good cyber governance matters to shareholder value. They measure the stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.
