Keyed Up

The SEC could force companies to take security more seriously.
Magazine Contributor
2 min read

This story appears in the February 2004 issue of Entrepreneur. Subscribe »

How safe is your company from hackers and all the other perils of an ever more tightly connected online world? The SEC is mulling over a proposal to require public firms to outline what they're doing to minimize these risks.

Among those discussing such disclosures with the SEC is the Department of Homeland Security. "What are you doing about your security-physical and cyber?" asks Secretary of Homeland Security Tom Ridge. "Tell your shareholders; tell your employees; tell the communities within which you operate."

"Our critical [cyber] infrastructure must have the same level of protection as our waterways, bridges, railways, streets and borders if we are to be secure," says Rep. Adam H. Putnam (R-FL). He adds that many of those running key operations have failed "to take the threat seriously, to receive adequate training, and to take the steps needed to secure their networks." Putnam, chair of the House Committee on Government Reform's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, initiated the discussion of publicizing cybersecurity measures and is considering legislation to force the SEC's hand if needed.

"We're trying to elevate the whole issue of information security to the CEO level," explains Bob Dix, the Subcommittee's staff director. "It's still viewed as a technical as opposed to a management issue. There needs to be a wake-up call." Reporting requirements would not be onerous, consisting of a checklist covering items such as critical IT assets, says Dix. The checklist would appear in standard documents such as annual reports. Privately held firms would be exempt, but Dix expects a trickledown effect-not only will smaller firms consider taking the same security steps, but those that partner with big firms may have to upgrade their defenses sooner rather than later.

"Some people resist any kind of government role in the market," Dix acknowledges, and security experts have suggested the federal government should focus on security research or setting security standards for the software it purchases. But so far, Dix says, the reporting proposal has raised little opposition.

More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Starting, buying, or growing your small business shouldn’t be hard. Guidant Financial works to make financing easy for current and aspiring small business owners by providing custom funding solutions, financing education, and more.

Latest on Entrepreneur

Entrepreneur Media, Inc. values your privacy. In order to understand how people use our site generally, and to create more valuable experiences for you, we may collect data about your use of this site (both directly and through our partners). By continuing to use this site, you are agreeing to the use of that data. For more information on our data policies, please visit our Privacy Policy.