As insurers begin to digest the information released this week by the Financial Stability Oversight Council of the U.S. Treasury Dept. qualifying and clarifying systemic risk, the SEC issued guidelines that laid out the kind of information companies should disclose regarding cyber events that could lead to financial losses.
The SEC’s move to issue guidelines came from direction from Sen. John Rockefeller (D.-W.Va.) amid concern that investors had difficulty assessing security risks if companies did not disclose such information in their public filings.
"Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything," Rockefeller said in a statement. "It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it,"
Of all the vertical markets currently tracking security issues, health care, both on the payer and provider sides, have a stake in the game.
Health insurance exchanges, mandated by President Obama’s healthcare reforms, may provide fertile ground for possible attacks,
Other notable companies that have fallen prey to cyber attacks include Google Inc., Lockheed Martin Corp, the Pentagon's No. 1 supplier, Citigroup , the International Monetary Fund and others. To date, most of the concern has been focused on critical facilities like nuclear power, electricity, chemical and water treatment plants, notes the SEC.
In its guidelines, the SEC offers specifics what type of data companies might need to provide investors.
"Examples of estimates that may be affected by cyber incidents include estimates of warranty liability, allowances for product returns, capitalized software costs, inventory, litigation, and deferred revenue," it says.
-- This article first appeared on
