Cyber security expert: SEC chairman pointing efforts in right direction

To this somewhat hopeful cyber security expert, it appears that Mary Jo White, the new chairwoman of the SEC, is interested in making investors’ online security a priority. Will it make you safer? Not without action. Shortly after being officially confirmed in her new role this week, White held a meeting to establish stricter identity theft prevention measures – an initiative that was started back in 2011. Specifically, the measures encouraged businesses to disclose their security vulnerabilities and any history of prior cyber attacks for the purpose of better informing constituents.

White’s initiative was sparked in part by West Virginia Senator John Rockefeller, who has reached out to her to increase efforts in this area. In a letter to White sent this week, Rockefeller urged the SEC to put stronger regulations in place to help enforce cyber security. His statements of concern requesting “formal guidance from the SEC” hit the nail on the head.

“Investors deserve to know whether companies are effectively addressing their cyber security risks – just as investors should know whether companies are managing their financial and operational risks,” Rockefeller’s letter reads. “This information is indispensable to efficient markets, and as a country, we need the private sector to make significant investments in cyber security.”

As both an investor and a cyber security expert I’d take it one step further. If investors are unsure about the security practices of a company, how can they be confident that their investments in that company will be appropriately protected? Security is an underlying pillar of trust, and without investor trust, companies have little sustainable value. It’s hard to over-emphasize the importance of investor trust that grows as a byproduct of sound cyber security. How long did it take TJX Companies to recover investor value after their hacking disaster a few years ago? Sony Playstation?

Of course, there are bound to be disagreements around the proper approach. Thanks to the Dodd-Frank law from 2010, the Commodity Futures Trading Commission, along with the SEC, can create and promote the rules surrounding regulation of cyber security in this area. According to Anne Cotter of Dodd-Frank.com, “The federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision.”

Cyber security, or lack of it, is one such risk that merits disclosure. It’s important that we not let political differences keep us from strengthening the means to keep out hackers. We are headed down the right path in the sense that the government and corporate America are paying attention. But acceptance of our need for cyber security does not equate to action. We will succeed at this effort as a nation, or fail at it together.

John Sileo is an cyber security expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Posted by Identity Theft Speaker John Sileo in Cyber Data Security and tagged Cyber Security, Identity Theft Prevention.