“The company has activated its response protocols, which include pausing operations in some locations, engaging leading security experts and coordinating with relevant law enforcement agencies,” Brunswick said in a statement. “Brunswick is working to address the incident in order to restore the full functionality of the affected systems and minimize business, employee, and customer impacts.”
Brunswick disclosed the incident after the markets closed June 13. It had hit a 1-year high earlier that day, trading at more than $90. It was trading at about $85 on June 15.
Brunswick’s disclosure comes as the SEC is proposing rules that would require companies to report cybersecurity incidents within four days of determining a "material" event had occurred. It's not clear whether Brunswick's report would meet the four-day rule, as the company did not disclose when the incident occurred.
“Investors are paying more attention to cyberattacks,” says George Georgiev, associate professor at Emory University School of Law in Atlanta. “This affects the bottom line. We are seeing more incidents, and we are likely to see more robust disclosures around them.”
FBI Deputy Director Paul Abbate warned of increased threats last week at a cybersecurity conference in Boston.
“Over the past two years, the FBI has seen a wider-than-ever range of malicious cyber actors lawlessly threatening U.S. economic and national security,” he said. “Today, we are investigating more than 100 different ransomware variants, each with scores of victims, wreaking havoc on business operations, causing devastating financial losses, and targeting everything from hospitals to emergency services to the energy sector and state and local governments.”
Cyberattacks have become so widespread that it seems more a question of when, not if, says Charles Elson, a corporate-governance expert and professor emeritus at the University of Delaware.
“Every human being in the United States has had this happen to them,” he says. “Cyberattacks are material to investors. Companies have had huge losses from cyberattacks. Successful attacks used to be unusual. Now they’re not. The key is: Do you have a thoughtful program in place that makes a reasonable effort to prevent attacks?”