www.rivitmedia.comwww.rivitmedia.comwww.rivitmedia.com
  • Home
  • Tech News
    Tech NewsShow More
    Microsoft’s May 2025 Patch Tuesday: Five Actively Exploited Zero-Day Vulnerabilities Addressed
    7 Min Read
    Malicious Go Modules Unleash Disk-Wiping Chaos in Linux Supply Chain Attack
    4 Min Read
    Agentic AI: Transforming Cybersecurity in 2025
    3 Min Read
    Cybersecurity CEO Accused of Planting Malware in Hospital Systems: A Breach of Trust That Shocks the Industry
    6 Min Read
    Cloud Convenience, Criminal Opportunity: How Google Sites Became a Launchpad for Elite Phishing
    6 Min Read
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How-To-Guides
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
  • FREE SCAN
  • Cybersecurity for Business
Search
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 rivitMedia.com. All Rights Reserved.
Reading: The Ethics of Ransomware Reporting? Why are companies risking potential penalties from the Securities and Exchange Commission in an effort to hide cyberattacks? 
Share
Notification Show More
Font ResizerAa
www.rivitmedia.comwww.rivitmedia.com
Font ResizerAa
  • Online Scams
  • Tech News
  • Cyber Threats
  • Mac Malware
  • Cybersecurity for Business
  • FREE SCAN
Search
  • Home
  • Tech News
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How-To-Guides
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
    • Cybersecurity for Business
  • FREE SCAN
  • Sitemap
Follow US
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
www.rivitmedia.com > Blog > Cyber Threats > Ransomware > The Ethics of Ransomware Reporting? Why are companies risking potential penalties from the Securities and Exchange Commission in an effort to hide cyberattacks? 
IT/Cybersecurity Best PracticesRansomwareTech News

The Ethics of Ransomware Reporting? Why are companies risking potential penalties from the Securities and Exchange Commission in an effort to hide cyberattacks? 

riviTMedia Research
Last updated: October 23, 2023 7:08 pm
riviTMedia Research
Share
The Ethics of Ransomware Reporting?
SHARE

Why are companies risking potential penalties from the Securities and Exchange Commission (or SEC), in an effort to hide cyberattacks?

Every year, scores of ransomware attacks paralyze the computer networks of businesses, government agencies, medical offices and many small businesses. But these attacks pose a particular dilemma for publicly traded companies, which operate under SEC regulations. These attacks are costly, they affect operations, and more importantly, expose cybersecurity vulnerabilities. They also can potentially meet the definition used by the SEC of a “material” event — or an incident that a “reasonable person” would consider important to an investment decision. Material events are required to be reported in public filings, and failing to do so could compel an SEC action or a shareholder lawsuit.

Despite this, some companies worry that acknowledging a ransomware attack could earn them negative press, while alarming investors and driving down share prices. As a result, although many companies cite may ransomware in filings as a risk, they often fail to report attacks or describe them in clouded terms.

This failure to disclose incidents to the SEC hampers federal monitoring of ransomware assaults on U.S. businesses. Companies often avoid alerting the FBI, out of fear that the attacks will become public and compel the FBI to investigate unrelated problems. 

These gaps in incident reporting become more glaring as the prevalence of cyber attacks against businesses increases. In October of 2019, the FBI issued a warning that attacks “are becoming more targeted, sophisticated, and costly,” and that losses from them “have increased significantly.” Some recent ransomware attacks have resulted in data theft and threats from cybercriminals to sell or publish it. That constitutes a breach of security that could undermine one of the most common corporate rationales for their lack of disclosure. 

Some companies lean on the notion that ransomware attacks aren’t material because there’s little evidence that personally identifiable information — the release of which may trigger reporting requirements in various states — is stolen.

Usually, what happens when companies do allude to an attack in SEC filings, is that they will typically resort to euphemisms rather than the specific wording that would best describe what caused their business to suffer millions of dollars in losses.

For investors, being kept in the dark about ransomware attacks and any subsequent payments puts them at a disadvantage when evaluating potential stock purchases. They are basically unable to make informed decisions about stock ownership or any possible proposals that could boost a company’s cybersecurity.

Failing to disclose these material events to investors and the SEC can spur backlash from both. After Yahoo failed to report a data breach affecting hundreds of millions of accounts, it later settled a shareholder lawsuit $80 million and paid a whopping 35 million in penalties to the SEC. 

Whether or not a ransomware attack that doesn’t expose large amounts of personal data must be deemed material, and reported to the SEC, is a much more complicated matter. While ransom demands generally aren’t large enough to be considered singularly material, companies often incur other larger costs related to the attack. This usually comes in the form of expensive outside consultants, the cost of replacing damaged equipment, higher cyber insurance premiums in addition to coping with lost revenues from interrupted operations. Then, there are additional issues related to customer dissatisfaction and the loss of corporate data. Going forward, Corporations should weigh “the importance of any compromised information and of the impact of the incident on the company’s operations,” according to the SEC.

You Might Also Like

Worldchronicles3.xyz: A Deceptive Cyber Threat
D0glun Ransomware: Understanding, Removal, and Prevention
Doidacers.com Ads: A Threat Analysis and Removal Guide
Farabuy.com: A Comprehensive Guide to Removing Annoying Pop-ups
Dealing with the YZAQ Ransomware Infection
TAGGED:ransomwareTech News

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Copy Link Print
Share
Previous Article Are Internet Users Their Own Worst Enemy?
Next Article Wardriving: Risks, Methods, and How to Prevent It
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Scan Your System for Free

✅ Free Scan Available 

✅ 13M Scans/Month

✅ Instant Detection

Download SpyHunter 5
Download SpyHunter for Mac

//

Check in Daily for the best technology and Cybersecurity based content on the internet.

Quick Link

  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

www.rivitmedia.comwww.rivitmedia.com
© 2023 • rivitmedia.com All Rights Reserved.
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US