Publicly listed companies should be prepared to release information on cybersecurity in their mandatory periodic reporting to the market, due to the interest had by investors in knowing how tough or vulnerable the company in which they invest their money is, with respect to the risk of hacker attacks.

This is the position expressed by Luna Bloom of SEC (Securities and Exchange Commission), the U.S. regulatory and supervisory authority on the financial markets, in her intervention at the Conference "Cybersecurity, market disclosure & industry", underway today and tomorrow at the Università Cattolica del Sacro Cuore.

Cyber risks are growing with their stepping up due to the digitalization of the economy and finance, with strong operational, legal and reputational impacts on listed companies, Bloom observed. The boards of listed companies must hold robust rules and skills, added Bloom, demanding that transparency in the field of cybersecurity must be mandatory and not discretionary.

"Cyber-risk has a potential systemic impact", observed Paolo Ciocca, CONSOB Commissioner. "The question is not whether to release information, but when and how to release it and what to convey to the market. This places a burden on the Boards".

"A consistent, comparable and decision-oriented disclosure of information on cybersecurity would put investors - commented Elena Beccalli, Dean of the Faculty of Banking, Finance and Insurance at Università Cattolica - in a better position to be aware of risks and incidents".

"The pandemic, the war in Ukraine and the frequent use of outsourced suppliers have increased the threat of systemic risks", observed Alexander Harris of ESMA, emphasizing that collaboration between regulators and other market players is necessary.

Press Release PDF version