The U.S. Securities and Exchange Commission issued guidelines on Oct. 14 for public companies that disclose cyber attacks against them. As it turns out, the guidelines are practically a blueprint for formulating a crisis plan geared specifically toward site hackings and data breaches.
The new guidelines lay out what kind of information companies should disclose when affected by cyber incidents, including estimates of warranty liability, allowances for product returns, capitalized software costs, inventory, litigation and deferred revenue, according to Reuters.
West Virginia Sen. John Rockefeller (D) had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings. "Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything," said Rockefeller in a statement. "It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it."
The lesson for PR pros? Your Web site is not secure, and likely never will be. All sites are vulnerable to quick strikes by hackers. However, your communications strategy—both during and after a crisis—can be close to foolproof. Consider all potential stakeholder concerns ahead of time, and build your plan from there.