Cyber Terrorism and the Securities Exchange Commission (SEC)

The alleged GoDaddy cyber-terrorist attack, which happened on September 10, 2012, brings to the forefront how easy and realistic it is for hackers or cyber-terrorists of any association to negatively affect a massive amount of people.  Despite the statements from GoDaddy that they were not brought down by the hackers:

The service outage was not caused by external influences…It was not a ‘hack’ and it was not a denial-of-service (DDoS) attack. We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.”

The group ‘Anonymous’, the online terrorist organization, claimed responsibility on Twitter. The struggle that the United States Securities and Exchange Commission (SEC) faces now, and in the future,  is trying to design new policies for internet businesses that  protect investors. This presents many new challenges for regulators and publically listed internet companies.

GoDaddy, a webhosting service that hosts domains and emails, was down for several hours Monday afternoon that affected 10.5 million customers. The alleged GoDaddy attack by the cyber terrorist organization, known as Anonymous, was a topic of recent discussion on The George Jarkesy Show. Whether this was an attack or a glitch it’s a good time to discuss the issues that are facing internet companies and the investors who may buy their stock.

According to General Keith Alexander, head of the National Security Agency and U.S. Cyber Command, at a July conference, cited data that cyber-attacks on U.S. computer networks rose 1700% from 2009 to 2011. Additionally, global businesses spend $10 billion a year to fight cyber-attacks according to a study by experts recruited by the British Ministry of Defense, “Measuring the Cost of Cybercrime,” that was presented in June.

The SEC is responsible for enforcing federal securities laws regulating the securities industry. They are typically viewed as an organization whose purpose is to make sure that investors are informed when making investment decisions. As the global economy becomes more competitive and as technology changes the business environment, this increases the challenges for the SEC at a rapid pace. It is becoming increasingly more difficult to balance informing investors, protecting trade and business secrets, protecting system information and manipulation from unknown cyber-terrorists.

The perceived need for the disclosure of risks has evolved into de facto rules from the SEC for many Internet companies. Companies like Google (GOOG), and Amazon (AMZN) that have now been compelled by the SEC to disclose when their systems have been hacked.  This poses many issues for the SEC, the companies, and their shareholders. Let’s start with what is a material breach? It would probably be different for Google than a small cap company or it may be levels of risk, like a lower level breach which is not as important, and doesn’t carry as much financial risk as a customer information breach. Then there are the issues of corporate espionage from companies that don’t play by the same rules as companies based in the United States. This clearly gives foreign competitors strategic targets and maps as to the weaknesses in a company’s systems.  There is also the risk to companies that hackers are hard to find; our government secrets are not even safe from hackers. Hackers could attack systems just for the purpose of financially weakening the company against competitors or foreign governments. Hackers could also attack the company to manipulate the stock and short it.  When the breach is disclosed and the stock or the sector experiences selling pressure the hackers cash in for profits.

There is real increased financial and operational risk from cyber-attacks and security breaches, and investors need to have good disclosure so that they can make informed decisions. It is clear there is risk, what is unclear is how big the risk is and how much should be disclosed for an investor to make an informed decision. What is equally unclear is the long term impact these disclosures will have on the business of U.S. Internet companies. The two edged sword is protecting investors is positive; at the same time; it also exposes U.S. Internet companies to new threats and challenges.

About George Jarkesy
A money manager and professional investor, financial and corporate advisor. George has founded, invested in, and helped to build companies engaged in a broad range of industry sectors, including financial consulting, media, real estate investing, real estate management, employee leasing, light steel manufacturing, livestock management, technology, natural resources, healthcare and biotechnology. George is currently focused on Managing his and his partners many investments and he is a frequent market commentator and guest on FOX Business Network, FOX & Friends, Neil Cavuto, and CNBC. He is also the host of the nationally syndicated talk radio show, “The George Jarkesy Show”. George started his career in the financial services industry with a New York Stock Exchange member. Over the past two decades, individually and through one of his companies, he has been a successful strategic investor in many entrepreneurial growth companies and has originated and/or participated in several hundred investments over the past 20 years, including both debt and equity in private, pre-public, and public companies. George has also served on the Finance Committee of the Republican National Committee, and is currently an active member of the National Investment Banking Association, The Jarkesy Foundation, Chairman of The National Eagles and Angels Association, and hosts The George Jarkesy Radio Show.