Keyed Up

The SEC could force companies to take security more seriously.
Magazine Contributor
2 min read

This story appears in the February 2004 issue of Entrepreneur. Subscribe »

How safe is your company from hackers and all the other perils of an ever more tightly connected online world? The is mulling over a proposal to require public firms to outline what they're doing to minimize these risks.

Among those discussing such disclosures with the SEC is the . "What are you doing about your security-physical and cyber?" asks Secretary of Homeland Security Tom Ridge. "Tell your shareholders; tell your employees; tell the communities within which you operate."

"Our critical [cyber] infrastructure must have the same level of protection as our waterways, bridges, railways, streets and borders if we are to be secure," says Rep. Adam H. Putnam (R-FL). He adds that many of those running key operations have failed "to take the threat seriously, to receive adequate training, and to take the steps needed to secure their networks." Putnam, chair of the House Committee on Reform's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, initiated the discussion of publicizing cybersecurity measures and is considering legislation to force the SEC's hand if needed.

"We're trying to elevate the whole issue of information security to the CEO level," explains Bob Dix, the Subcommittee's staff director. "It's still viewed as a technical as opposed to a management issue. There needs to be a wake-up call." Reporting requirements would not be onerous, consisting of a checklist covering items such as critical IT assets, says Dix. The checklist would appear in standard documents such as annual reports. Privately held firms would be exempt, but Dix expects a trickledown effect-not only will smaller firms consider taking the same security steps, but those that partner with big firms may have to upgrade their defenses sooner rather than later.

"Some people resist any kind of government role in the market," Dix acknowledges, and security experts have suggested the should focus on security research or setting security standards for the software it purchases. But so far, Dix says, the reporting proposal has raised little opposition.


More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Amplify your business knowledge and reach your full entrepreneurial potential with Entrepreneur Insider’s exclusive benefits. For just $5 per month, get access to premium content, webinars, an ad-free experience, and more! Plus, enjoy a FREE 1-year Entrepreneur magazine subscription.
Create your business plan in half the time with twice the impact using Entrepreneur's BIZ PLANNING PLUS powered by LivePlan. Try risk free for 60 days.

Latest on Entrepreneur