81 points impish9208 | 1 comments
hn_throwaway_99 No.41916731
It's amusing to me how the economic and cultural incentives at so many companies are to lie as much as possible when it comes to breach disclosures while pretending that you're still technically telling the truth.

I think that in all of these cases it would have been no worse for the companies in question if they just sent out a dry, "just the facts, ma'am" report of what actually happened, without any of the BS "the security of our customer data is our primary priority!" statements to begin with that always accompany these kinds of breach disclosures. E.g. something like:

On <date>, due to a vulnerability in the third-party vendor SolarWinds which provides network security services for us, we detected the following breaches of customer data:

1. xxx

2. yyy

The steps we are currently taking, and what you should do: zzz.

----

Perhaps one good thing that can come out of this is that some sort of "standard" format for breach disclosures comes about (think the "Nutrition Facts" labels on food boxes in the US). All I do when I see companies trying to minimize breach disclosures is assume they're bullshitting anyway.

replies(3): >>41918007 #>>41918463 #>>41918586 #
kmeisthax No.41918007
If companies were mere profit-seeking entities, these breach notices would be minimally disruptive to the business. Most people do not immediately jump ship just because a breach happened.

But most companies are not just that. They're barely-legal Ponzi schemes. The board and their appointed CxOs are selected specifically on the basis of how much they can get the stock price up. This results in companies making lots of terribly short-sighted decisions.

In the specific case of breach disclosures, any bad news about a company tends to create uncertainty, which makes short-term investors and speculators close their positions, which drops the price. This drop tends to be short-term, but it imperils the liquidity of the investment, and liquid investments tend to be more valuable, so...

replies(2): >>41918660 #>>41921196 #
1. gruez No.41921196
>But most companies are not just that. They're barely-legal Ponzi schemes. The board and their appointed CxOs are selected specifically on the basis of how much they can get the stock price up. This results in companies making lots of terribly short-sighted decisions.

"Most companies are Ponzi schemes focused on short-term stock price appreciation" is a criticism that has been around for decades. If that's really the case, the performance of the S&P 500 shows that it's either false, or a really long con that somehow still hasn't collapsed yet.

A far more straightforward explanation is that CEOs don't like delivering bad news, especially ones that happened on their watch, so they try to bury it. Covering up mistakes is something that kids even do. There's no need to invoke "most companies are [...] barely-legal Ponzi schemes".