SEC: Firms must disclose relevant cyber attacks

ADVERTISEMENT

Another rule requires firms to briefly describe any relevant pending legal proceedings, which could include litigation regarding a previous cyber attack. Schapiro said to date the Commission hasn't heard from investors seeking more disclosure regarding cyber attacks or network security.

"I also have asked the staff to advise me on whether additional guidance is needed to make sure investors have access to the information they need when making their investment decisions," Schapiro said. "As we further analyze this issue, we will seriously consider your request for interpretive guidance."

The lawmakers' initial request came three weeks after a hacker attack on Sony's PlayStation Network jeopardized the personal information of 77 million consumers.

The firm's delay of almost a week before emailing customers prompted harsh criticism from lawmakers, who argued firms should be required to disclose such attacks promptly.