- SCU Home Page
- About SCU
- On Campus
- News & Info
Business Ethics in the News
CYBER ATTACKS: Should Companies Admit They've Been Hacked?
Sunday, Feb. 24, 2013
Cyber attacks on American companies have become increasingly more common, but not all companies respond to security breaches the same way. Companies such as Facebook, Twitter and Apple, have voluntarily gone public with their security troubles. Alternatively, a number of companies have continued to deny cyber attacks, despite reports stating otherwise; including, Exxon Mobil, Coca-Cola, Baker Hughes, and others. The U.S. government has encouraged transparency on cyber attacks as part of a wider effort to protect American intellectual property. Advocates of disclosing breaches claim it will set a precedent for other companies to get more active in fighting cyber attacks. The majority of company lawyers advise not to disclose, pointing to potential shareholder lawsuits, embarrassment and fear of inciting future attacks. Health and insurance companies must disclose breaches of patient information, and publicly traded companies must when an incident effects earnings. What policy should companies adopt when dealing with a cyber security breach?
Kirk: The common good demands a united effort by public and private institutions to fight cyber attacks. Companies owe it to the public to admit they've been hacked and to use their experience toward improving efforts against hacking. Anything short of full participation will guarantee that cyber attacks will continue to be a problem, and companies will be picked off one by one as they stand silent. Due to the sheer number of incidents the stigma of being hacked has decreased dramatically, opening the door for more companies to come forward. It's time for companies to think of the common good over protecting their own tail.
Patrick: The focus here should be on the legal system, not the victims of cyber attacks. Hacked companies are being further victimized by being pressured to release security breaches, while being inadequately protected from the liability that comes with it. This is not to say that companies should not be held accountable for a reasonable amount of preventative security, but the U.S. government is sending companies mixed messages. If the Federal Government really wants collaboration from hacked companies they should consider offering anonymous participation in their current initiatives, as well as insulate companies from unwarranted shareholder lawsuits.