Washington thinks companies are hesitant to disclose all attacks on their computer systems. Yet Cyber attacks are continuing. According to Bloomberg Businessweek, Citigroup disclosed that it experienced limited losses from cyber attacks on its computers. An attack in November 2011, hacked more than 360,000 credit card accounts at Citigroup totaling $4.4 million unauthorized charges and costing the bank $1 million to fix it. Citigroup doesn’t think this requires reporting on a Form 10-Q. Similarly, Amazon.com exchanged letters with authorities regarding an attack on Zappos, a company which purchased. Testifying before the Congress, Dow Chemicals declared that it is under constant attacks and attackers are after intellectual property. Not only that, it distract employees from valuable work time. 27 major U.S. companies signed onto disclose attacks on their computer systems.
Guidelines issued by the Securities and Exchange Commission in October 2011 require companies to report cyber attacks on their computer systems because it affects consumers. But not all companies are disclosing attacks. Many think that companies are not reporting attacks due to concerns of existing as well as possible future customers. Another reason may be lack of clear guidelines on what constitute an attack. Companies decide what constitute an attack.