Cyber Attacks on Financial Statements!

Don’t be fooled by that headline. A group of anonymous “hacktivists” wearing joker masks aren’t leading an online war against financial statements. No, but we do mean you can soon expect to see new information on corporate financial statements regarding their real or potential exposure to cyber attacks.

For all the advantages of living in the digital age—instant communication and access to vast amounts information—there are also some marked disadvantages, such as access to vast amounts of information that was never intended to be accessible.   

Case in point: Earlier this year, cybercriminals broke into Citigroup’s system and made off with $2.7 million from credit card accounts. Over 200,000 customer names, contact details, account numbers and other information was compromised.

Then there was the hacking of over 100 million accounts on Sony’s PlayStation Network and Online Entertainment. The personal information stolen— including credit and debit card data —resulted in damages ranging from $1 to $2 billion, making it possibly the costliest cyber-hack ever waged.

These are public companies — companies expected to keep shareholders informed of any risks to their bottom line. And that’s why the Securities and Exchange Commission (SEC) recently issued new guidelines regarding the threats hackers pose. The SEC will soon be calling for the disclosure of any real or potential cyber attacks that could negatively impact a company’s operations or financial stability. 

Starting next year, corporate victims of these crimes must acknowledge cyber attacks to regulators, including any computer network intrusions or data theft that would potentially affect investor decisions. Whether they’re as major as the attacks against Citigroup and Sony, or as relatively minor as computer viruses or other malware that infiltrate a company’s network, the company will be required to disclose (1) that an attack took place, (2) any costs resulting from the attack and (3) measures management plans to take to close gaps in their cyber security systems.  

In addition, annual financial statements must include a full description of stolen intellectual property or increased security costs, and disclose the risk of cyber incidents if they are “among the most significant factors that make an investment in the company speculative or risky.”

This marks the end of an era where companies could withhold news about computer system intrusions to protect their reputations.  Yes, such disclosure could impact a company’s stock value, but so might an SEC investigation and penalties.

What does this all mean for the rest of us?  Does it mean more transparency and better disclosure before buying stocks on Wall Street?   Yes.  Does it mean that financial statements will now be easier to understand?  Of course not. It means you’ll have yet another item to factor in and try to weigh in your decision making process. 

But what if you didn’t know how to understand financial statements in the first place?  We have a solution for that.  Pick up a copy of our latest book, The Truth Behind the Numbers in Financial Statements: A Step-by-Step Guide to Investigating Before You Invest.

Does the book include any references to new SEC guides on disclosing everything we’ve just told you about?  No.  But when these changes do go into effect, come back here and we’ll give you some real world examples and point out where to find this new information on financial statements. But be sure and read our book first, because we want you to be well informed ahead of time.

Leave a Reply

If you want a picture to show with your comment, go get a Gravatar.

  • You must register to comment. Click here and you’ll be entered in a quarterly drawing to receive a $25 Starbucks Gift Card