Even as Congress tackles the issue of crafting decent legislation to deal with cyberattacks (and no, CISPA is not decent legislation in its current form) in a secret "closed to the public" markup meeting, Techdirt has uncovered the fact that 27 companies have told the SEC that cyberattacks have had no impact. According to this Bloomberg report, 27 companies reported cyberattacks in SEC filings. Of those, only Citigroup reported “limited losses,” while the others said there was no material impact.
Clearly someone is bending the truth to get some legislation passed. Is it CISPA co-sponsor Mike Rogers (R-Mich.) who has said more than once that "foreign intruders" are "stealing literally billions" of dollars from companies in intellectual property and corporate secrets? Or is it Army General Keith Alexander, head of U.S. Cyber Command and the National Security Agency, who has called cybercrime "the greatest transfer of wealth in history." Or could it be that lawmakers in Washington just don't understand anything about how the Internet actually works?
“There is a clear discrepancy between what companies are reporting to their stockholders and what they’re declaring to policy makers,” Sascha Meinrath, vice president of the New America Foundation tells Bloomberg. The confusion harms the ability of legislators and agency officials to understand cybersecurity, Meinrath added.
Ultimately the Bloomberg report goes on to say that most companies see cyberattacks as a threat on par with bad weather like hurricanes. Yes, they can disrupt services for customers, but ultimately things go back to normal fairly quickly after a cyberattack. And if there are more costs associated with being hit by a cyberattack, corporations that are publicly traded aren't mentioning those costs to the SEC or their stockholders.
It leads one to wonder, where is the evidence that billions of dollars in secrets and intellectual property is being stolen by hackers outside the United States from corporations in America?