Should You Tell Shareholders about Breaches?

Sue Marquette Poremba

Federal law states that health companies have to disclose if they've suffered a data breach.

Information security group ISACA doesn't think that's enough. Considering the reputational risk to the enterprise, the association believes mandatory reporting should be included in the company's regular accounting releases, such as quarterly and annual reports.

There has been a lot of conversation about what consumers should know about breaches and what steps should be taken if personal information is at risk. Along the same line, I think it is a good idea to keep shareholders informed about the company's security efforts.

Granted, as someone who writes about information security, the subject is always on my mind. I always want to know what a company's approach to security is before I give out my personal details. That said, as the general public becomes more aware of the importance of protecting data, it would seem to follow that shareholders will take a greater interest in how the company's sensitive information is secured.

Would disclosing a breach to shareholders help or hurt? ISACA seems to think it would help, provided the bigger picture is kept in view:

Whilst the public has a legitimate interest in learning about security breaches, it is important to look at the bigger picture, that of the real public interest in a company being seen to learn from its mistakes and allowing management to recover a situation, rather than subjecting the company to a public witch hunt which benefits no-one in the longer term.
