Case: Should Companies Admit They've Been Hacked?
Cyber-attacks on American companies have become increasingly more common, but not all companies respond to security breaches the same way. Companies such as Facebook, Twitter,Target, and Apple, have voluntarily gone public with their security troubles. Alternatively, Exxon Mobil, Coca-Cola, Baker Hughes, and others have continued to deny cyber-attacks, despite reports to the contrary. The U.S. government has encouraged transparency on cyber-attacks as part of a wider effort to protect American intellectual property and identity protection. Advocates of disclosing breaches claim it will set a precedent for other companies to get more active in fighting cyber-attacks. The majority of company lawyers advise not to disclose, pointing to potential shareholder lawsuits, embarrassment, and fear of inciting future attacks. By lay, health and insurance companies must disclose breaches of patient information, and publicly traded companies must when an incident effects earnings.
1. What policy should companies adopt when dealing with a cyber-security breach?
2. Is withholding from the public the fact of a cyber-attack ethical?
3. Announcing a cyber-attack will likely affect the profitability of the firm. Whose interests are paramount, the customers or the stockholders?