Even before hackers stole 40 million credit- and debit-card numbers from Target Corp. stores last year, Wal-Mart directors received frequent rundowns from outside consultants on cyberthreats, including gangs of Russian-speaking hackers who target payment-card data, a person familiar with the meetings said.
A Wal-Mart spokesman didn’t dispute that account.
So far this year, 1,517 companies traded on the New York Stock Exchange or Nasdaq Stock Market listed some version of the words cybersecurity, hacking, hackers, cyberattacks or data breach as a business risk in securities filings, according to a Wall Street Journal analysis. That is up from 1,288 in all of 2013 and 879 in 2012.
Still, federal officials and others say many companies remain ignorant of, and unprepared for, Internet intruders.
“There may be a gap that exists between the magnitude of the exposure presented by cyber-risks and the steps, or lack thereof, that many corporate boards have taken to address these risks,” Securities and Exchange Commissioner Luis Aguilar told directors earlier this month at a cybersecurity conference at the New York Stock Exchange.