Companies worry about SEC's advice to disclose cyberthreats

Deluged by cyberattacks they've mostly hidden from the public, companies in Silicon Valley and elsewhere are being prodded by federal regulators to finally fess up to this fast-growing threat to their businesses and their customers.

Corporate hacking costs companies and consumers billions of dollars a year, experts say, and has ensnared corporations ranging from online shoe retailer to valley tech giant Google (GOOG). But before these new rules from the Securities and Exchange Commission, the full extent of the problem has been unknown, since big businesses are loath to provide many if any details, fearing embarrassment and concerned about adding to the harm.

But there are indications corporate hacking is widespread. One study found that nearly 40 percent of Fortune 500 companies fail to disclose cyberattacks and privacy breaches in their public filings. Donald Vieira, a former Justice Department security expert who advises corporations about cyberthreats, called the directive "a wake-up call for a lot of companies to sit back and look at what they are doing."