On Dec. 27th, 2011, William Pentland wrote for Forbes on a SEC filing that explicitly mentioned cyberattacks as a stand-alone investor concern.  According to the article, Consolidated Edison of New York (an electric/gas utility serving NYC and Westchester County) included cyberattacks as a risk factor in a recent SEC filing.  The article quoted Con Ed as saying:

"A Cyber Attack Could Adversely Affect the Companies. The Utilities and other operators of critical energy infrastructure may face a heightened risk of cyber attack. In the event of such an attack, the Utilities and the competitive energy businesses could have their operations disrupted, property damaged and customer information stolen; experience substantial loss of revenues, response costs and other financial loss; and be subject to increased regulation, litigation and damage to their reputation."

This may not be huge news, but the article notes that this filing represents the first stand-alone disclosure of the possibility of cyberattack.  Companies have always lumped cyberattacks in with threats of terrorism or national disaster; here, it gets its own category. 

Check out this prior blog article, which explored how the SEC issued guidelines for disclosure on cyberattack incidents.

The rest of the article can be found here.

On Dec. 27th, 2011, William Pentland wrote for Forbes on a SEC filing that explicitly mentioned cyberattacks as a stand-alone investor concern.  According to the article, Consolidated Edison of New York (an electric/gas utility serving NYC and Westchester County) included cyberattacks as a risk factor in a recent SEC filing.  The article quoted Con Ed as saying:

"A Cyber Attack Could Adversely Affect the Companies. The Utilities and other operators of critical energy infrastructure may face a heightened risk of cyber attack. In the event of such an attack, the Utilities and the competitive energy businesses could have their operations disrupted, property damaged and customer information stolen; experience substantial loss of revenues, response costs and other financial loss; and be subject to increased regulation, litigation and damage to their reputation."

This may not be huge news, but the article notes that this filing represents the first stand-alone disclosure of the possibility of cyberattack.  Companies have always lumped cyberattacks in with threats of terrorism or national disaster; here, it gets its own category. 

Check out this prior blog article, which explored how the SEC issued guidelines for disclosure on cyberattack incidents.

The rest of the article can be found here.