I think some publicly traded companies read this blog! Ok, maybe I'm dreaming, but consider the story "After Google hack, warnings pop up in SEC filings" by Robert McMillan:
Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property.
In the past few months Google, Intel, Symantec and Northrop Grumman -- all companies thought to have been targets of a widespread spying operation -- have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks...
Google warned that it could lose customers following a breach, as users question the effectiveness of its security. "Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures," the company said in the filing.
Google's admission that it had been targeted put a public spotlight on a problem that had been growing for years: targeted attacks, known to security professionals as the advanced persistent threat (APT)...
So how do I know they read my blog? Check out my February 2008 post "Justifying Digital Security via 10-K Risk Factors":
Perhaps digital security could try aligning itself with the risk factors in the company 10-K?
More directly, check out my May 2009 post "President Obama's Real Speech on Cyber Security":
We will work with Congress to establish a national breach disclosure law, and we will require publicly traded companies to outline digital risks in their annual 10-K filings.
Well, the President didn't say that (I did), but thankfully companies are not waiting around for President Obama to be a real information security leader.