Just saw this in Yahoo! Finance:
On Thursday May 12, 2011, 8:00 am EDT,
By Victoria McGrane and Siobhan Gorman, Reporters, The Wall Street Journal
A group of U.S. lawmakers wants the Securities and Exchange Commission to push companies to disclose when they have fallen victim to cyberattacks.
Three weeks after Sony Corp. was forced to shut down its PlayStation network by hackers who stole users’ information, the group, which includes Senate Commerce Committee Chairman Jay Rockefeller of West Virginia, on Wednesday sent a letter to the SEC asking it to issue guidance stating that companies must report when they have suffered a major network attack and disclose details on intellectual property or trade secrets that hackers may have stolen.
The SEC guidance should also clarify that existing corporate-risk disclosure requirements compel companies to disclose if they are vulnerable to cyberattacks, the five lawmakers, all Senate Democrats, said.
This is really interesting and can change the way companies deal with breaches. I can see C-level executives asking the CSO about what's being done to ensure they won't have to report anything to SEC :-)