With cyber-attacks ramping up and up since the international pandemic, the need for proper cyber protection and cyber insurance coverage is taking on a new meaning, as well as many other business risk factors.[1] With all the current business concerns in an ever-changing US administration priorities, the corporate risks and vulnerabilities are closely coupled with cyber security matters. As an example, fossil fuel-energy companies and drug developers are among the most common issuers updating their risk disclosures to warn investors of potential policy changes that could harm their businesses under the current US administration, US securities filings show. At least 97 companies had updated the "risk factors" sections of their Securities and Exchange Commission filings as last week to reflect the current US administration’s arrival in office, based on a review conducted by Law360 with assistance from analytics provider Intelligize, which is owned by Law360 parent company LexisNexis. Cyber security risks are definitely among them.
Companies are responsible for refreshing their disclosures as business circumstances change. The arrival of a new administration or other geopolitical events often serve as a catalyst for reassessing risk factors, which are a standard part of periodic filings and initial registrations. The former US president’s election also generated a wave of new disclosures in 2017.
Risk disclosures satisfy an SEC mandate to educate investors, and they may provide a company a defense in the event its stock drops and shareholders sue alleging they were not adequately warned about potential hazards. The latest disclosures stem from recent annual and quarterly filings with the SEC, as well as new prospectuses.[2]
Most disclosures in the current wave come from two industries: fossil fuel companies and businesses involved in health-related endeavors, mainly drug developers, medical device companies and technology firms with health insurance platforms. More than 60 energy or health-related companies combined have specifically mentioned the arrival of the new US president in their risk factors, and other industries have cautioned that a rise in corporate income taxes could affect their businesses. Some companies in distinct fields, ranging from banking and real estate to technology and cannabis, have disclosed risks particular to them.
Energy companies that have filed fresh risk disclosures span oil and gas producers to service providers. Their concerns regard a shift in national energy policy toward renewable power, referencing policies like the US's commitment to rejoining the Paris climate accord and related goals of reducing greenhouse gas emissions to fight climate change. Dallas-based energy services and pipeline company Enlink Midstream LLC in its annual report last week also noted Biden's support for federal limits on hydraulic fracturing and banning new leases for minerals production on federal properties. These potential developments could increase operating costs or decrease demand for natural gas, Enlink said, and are common concerns among traditional energy companies. Drilling equipment supplier Now Inc. noted that, by comparison, it benefited from Trump-era deregulation.
Drug-related companies are constantly concerned about health care regulations, including potential changes to Affordable Care Act coverage or stricter regulations on drug pricing. Both have been hot-button topics in Democratic and Republican administrations. Alnylam Pharmaceuticals Inc., which makes medicines to treat rare genetic diseases and central nervous system disorders, noted that the previous White House guidelines pushed for reforms that would cap certain Medicare out-of-pocket pharmacy expenses and limit pharmaceutical price increases. To the extent the current administration’s policies more resemble the Obama administration than the last administration in terms of health care and energy.
A new concern across many industries is the potential for higher corporate taxes. Clothing company Hanesbrands Inc. is among many companies worried about efforts to roll back parts of the Tax Cuts and Jobs Act, a 2017 bill that reduced the corporate income tax to 21%.
Numerous negative factors from the coronavirus pandemic has also been a recurring "risk factor." Some banks are now warning investors that policies aimed at relieving borrowers, which may have a direct affect with their bottom lines. Wisconsin-based holding company Associated Banc-Corp noted a recent US executive order (E.O.) to extend a federal eviction moratorium through 31 March 2021, as well as the president's proposal that such relief be extended until 30 September, as part of the proposed COVID-19 package. Associated Banc-Corp separately indicated that the recent E.O. has requested that federal agencies extend a moratorium on foreclosures on federally guaranteed mortgages, until at least 31 March. Banks expect to see more coronavirus-related disclosures in 2021. Companies that have many employees who transitioned to remote work may need to disclose cyber security risks. Ah, yes, work to home (WTH) cyber security RISKS, which are REAL and of grave concern. Red Sky Alliance has written and reported on this negative phenomenon for a year now. Aside from the pandemic, Associated Banc-Corp and other companies have noted that the Consumer Financial Protection Bureau, a consumer protection agency established under the Dodd-Frank Act, is expected to adopt more aggressive enforcement policies under the current US administration.
Home financier The Federal National Mortgage Association, or Fannie Mae, also noted in its annual report that the current administration's attempts to address climate change could lead to a transition away from carbon-intensive industries, potentially disrupting certain US regional economies and affecting the ability of borrowers in those regions to repay their mortgages.
Other industries have disclosed uncertainties particular to their business. Cannabis cultivator Acreage Holdings Inc. said in a recent registration statement that it is unclear whether the current US Department of Justice (DOJ), who has nominated a very liberal DC Circuit judge to serve as the new US Attorney General, will adopt an aggressive marijuana enforcement policy. Red Sky Alliance3 analysts have already reported on the cyber-attack on Aurora cannabis company and distributer. In contrast, New York located Acreage company noted the DOJ may reinstitute the Cole Memorandum, the 2013 US policy memo limiting the criminal charges that could be brought against state-legal marijuana businesses, that was in effect over four years ago.
Technology companies are also disclosing new risks. Cloud communications platform Twilio pointed out that during the last presidential campaign, liberals supported reimposing "net neutrality" rules governing Internet providers, which Twilio said could lessen demand for its services. California based Twilio also noted current administration and liberal members of Congress want to review Section 230 of the Communications Decency Act, which protects internet companies from being held liable for what their users say online. Section 230 was also targeted by the last president who supported its repeal.
More companies are expected to file their annual 10-K reports in the coming weeks. Additionally, companies filing for initial public offerings or follow-on offerings will submit registration statements. As companies reevaluate their risks, analysts predict, they should also be aware of recent changes to "risk factor" rules the SEC enacted last August, purportedly to improve usefulness and readability for investors. Those changes require companies to compile a summary of two pages or less explaining their risks if the full "risk factors" section of their SEC filing exceeds 15 pages. Companies are also being urged by the SEC to focus on "material" risks and avoid generalities applicable to any business.
All of the above risks and vulnerabilities are directly associated with possible cyber-attacks. Why? Because cyber criminals and state sponsored actors read the SEC filing, many of which are public document. They are not dumb criminals or spies. They are very ingenious and resourceful. Our cool collection and analysis tool RedXray and support tool RedPane can help with supporting standing network defenses and MSSP’s - in a proactive manner - by identifying underground threats and vulnerabilities. This is often where bad cyber actors communicate. This service is an excellent complement to a network defense for any foreign or domestic cyber threat. In addition to offering cyber protection, we offer cyber insurance through Cysurance. Call for a quote.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings: https://attendee.gotowebinar.com/register/3702558539639477516
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.wapacklabs.com/cyber-insurance
[2] https://www.law360.com/cybersecurity-privacy/articles/1356764/companies-beef-up-risk-disclosures-as-biden-era-begins/
Comments