Santa Clara University

 
 

Business Ethics in the News


CYBER ATTACKS: Should Companies Admit They've Been Hacked?

Sunday, Feb. 24, 2013

Cyber attacks on American companies have become increasingly common, but not all companies respond to security breaches the same way. Companies such as Facebook, Twitter and Apple have voluntarily gone public with their security troubles. By contrast, a number of companies, including Exxon Mobil, Coca-Cola, Baker Hughes and others, have continued to deny cyber attacks despite reports stating otherwise. The U.S. government has encouraged transparency on cyber attacks as part of a wider effort to protect American intellectual property. Advocates of disclosing breaches claim it will set a precedent for other companies to become more active in fighting cyber attacks. The majority of company lawyers advise against disclosure, pointing to potential shareholder lawsuits, embarrassment and fear of inciting future attacks. Health and insurance companies must disclose breaches of patient information, and publicly traded companies must disclose when an incident affects earnings. What policy should companies adopt when dealing with a cyber security breach?

  Kirk: The common good demands a united effort by public and private institutions to fight cyber attacks. Companies owe it to the public to admit they've been hacked and to use their experience toward improving efforts against hacking. Anything short of full participation will guarantee that cyber attacks will continue to be a problem, and companies will be picked off one by one as they stand silent. Due to the sheer number of incidents, the stigma of being hacked has decreased dramatically, opening the door for more companies to come forward. It's time for companies to think of the common good over protecting their own tail.

  Patrick: The focus here should be on the legal system, not the victims of cyber attacks. Hacked companies are being further victimized by being pressured to release security breaches, while being inadequately protected from the liability that comes with it. This is not to say that companies should not be held accountable for a reasonable amount of preventative security, but the U.S. government is sending companies mixed messages. If the Federal Government really wants collaboration from hacked companies, they should consider offering anonymous participation in their current initiatives, as well as insulating companies from unwarranted shareholder lawsuits.

Some Victims of Online Hacking Edge Into the Light

A Framework for Thinking Ethically

 


Comments

Joe Schmid said on Feb 28, 2013
The conversation needs to be re-centered from simply cyber attacks to cyber warfare against the U.S. In this new context disclosure takes on a much different significance. Laws already exist that dictate disclosure when material harm has been incurred; and the SEC is promulgating new guidelines in this arena. These attacks are acts of war and the victims are many as in the case of the hacking of the SC Department of Revenue and the loss of taxpayer names, SS numbers, as well as the names and SS numbers of their dependents. The federal government's primary responsibility is to protect its citizens. In a state of war decisions about what and how ought to defer to the feds and the administration. The feds need to step up and decide what and how disclosures are made in a coordinated public/private united effort against the cyber war we find ourselves in, and in the best interest of the common good. - 2 people like this.
Joe Schmid said on Mar 2, 2013
The conversation needs to be re-centered away from simply cyber attacks, to cyber warfare against the U.S. In this new context disclosure takes on a much different significance. Laws already exist that dictate disclosure when material harm has been incurred; and the SEC is promulgating new guidelines in this arena. These attacks are acts of war and the victims are many as in the case of the hacking of the SC Department of Revenue and the loss of taxpayer names, SS numbers, as well as the names and SS numbers of their dependents. The federal government's primary responsibility is to protect its citizens. In a state of war decisions about the what and how of disclosure ought to defer to the feds and the administration. The feds need to step up and decide what and how disclosures are made in a coordinated public/private united effort against the cyber war we find ourselves in, and in the best interest of the common good.
Kevin Greenberg said on Nov 15, 2014
I believe that the companies owe it to the public to disclose the details of any attack. I see this to be true due to the potential information of shareholders and users. Although lawsuits may be a very avid fear, I don't believe that this fear justifies withholding important information from all involved.