<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Sustainable Finance Newsletter - Wall Street yawns at new hacking disclosures</title></head><body>

By Ross Kerber

July 31 (Reuters) -A massive loss of customer data from AT&T was one of the incidents that has turned up in new federal cybersecurity disclosures that companies are required to file.

But AT&T's filing suggested little lasting financial impact, and investors shrugged off the matter. You can read more below about how little drama the new reports have created.

I'm also including some links to stories about a guilty plea by Boeing, and about a sales drop at McDonald's. While you're at it, don't miss the climate-tornado-movie controversy below.

Last: Thanks to the 402 readers of this newsletter who filled out our recent survey. Things you said you learned included unique takes on corporate climate matters and international ESG-related developments.

Most of you liked the length and format and many had great ideas for future columns or reporting on topics like global political developments around sustainability, the impact of politics on business and markets' responses to sustainability efforts.

I'll get to work so please keep reading. And if you missed the survey or have more thoughts to share,you can connect with me on LinkedIn or email me at ross.kerber@thomsonreuters.com

Wall Street yawns at new hacking reports

New rules from Wall Street's top regulator require companies to disclose materialcybersecurity incidents. But only 21 companies made such reports through July 25, law firm Debevoise & Plimpton LLP found.

Security experts and lawyers I spoke with saythe trickle suggests many breaches are not such a big dealfrom an investor point of view, and companies remain cautious about making the filings.

"There are a lot of incidents that don't rise to 'materiality'," said Doug Clare, managing director cyber strategy for ISS Corporate. The term "materiality" means it is likely a certain fact would be deemed significant by a reasonable investor. Clare added that "there's still some angst out there from companies about what constitutes 'materiality' on cyber issues."

When to disclose a hacking incident is one of the most sensitive corporate-governance decisions boards face. But nobody I spoke with thinks companies are hiding bad incidents.

For one thing, other disclosures already provide a lot more detail about online threats. By Clare's count, Russell 3000 firms filed some 700 cyber hacking incident reports with state authorities during the two-year period ended Dec. 31, 2023. The count excluded flubs like a lost hard drive or physical thefts like burglaries.

Still the SEC worried companies could siton important information. "Because cybersecurity incidents can significantly affect registrants’ stock prices, delayed disclosure results in mispricing of securities, harming investors," the SEC wrote.

In practice Wall Street hasn't been flustered by the breaches so far this year. When on July 12 AT&T said a massive breach of records of calls and texts from 2022 was illegally downloaded in April, its shares closed downonly 0.27% that day and soon recovered in following days.

Among the incidents reported under the new materiality rules, none of the companies' share prices were significantly affected a week after the disclosures, a review by communications advisory firm FGS Global found. “Investors are shrugging these off as incidents that aren’t catastrophic to finances or reputations,” FGS Partner Scott Lindlaw told me in an interview.

The lack of specific material impacts is also a likely factor for investors, said Debevoise partner Benjamin Pedersen.

Some wonder if the new rules are pushing companies for too much disclosure and muddying the waters. In a July 12 disclosure about the hack, AT&T T.Nwrote it "does not believe that this incident is reasonably likely to materially impact AT&T’s financial condition or results of operations."

Likewise, in a March 8 securities filing, Microsoft MSFT.O reported that starting last November, "a nation-state threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions."

But Microsoft said "the incident has not had a material impact" on operations and added the company had not yet determined if it was likely to materially impact financial condition or results.

Microsoft and AT&T declined to comment.

In May Erik Gerding, the SEC's corporation finance director, wrote that "it could be confusing for investors" if companies disclose cybersecurity incidents whose materiality remains under review. He encouraged companies to disclosecybersecurity incidents in different manner on their form 8-Ks.

Company News

Meta Platforms META.O agreed to pay $1.4 billion to Texas to resolve the state’s lawsuit accusing the Facebook parent of illegally using facial-recognition technology to collect biometric data on millions of Texans without their consent.

Boeing BA.N finalized a guilty plea to a criminal fraud conspiracy charge and agreed to pay at least $243.6 million after breaching a 2021 agreement with the U.S. Justice Department.

McDonald's MCD.N reported a surprise drop in sales worldwide on Monday, its first decline in 13 quarters, as deal-seeking consumers shy away from higher priced menu items like Big Macs.

On my radar

I enjoyed the new tornado movie Twisters, and I'm following the interesting debate about its lack of a discussion about climate change. To me the movie's biggest stretch was its depiction of Oklahomans being clueless about how to react to tornadoes. As everyone in the 405 area code knows, go to the basement!

Germany-based ESG platform osapiens said it completed a $120 million financing round led by an arm of Goldman Sachs Asset Management.GS.N The funds will be used for international expansion and technology development, the companies said.

BlackRock BLK.N said it supported Tesla TSLA.O CEO Elon Musk's record $56 billion pay deal, but voted against Tesla director James Murdoch and backed a pair of corporate-governance reforms at the electric carmaker's annual meeting on June 13.

Reporting by Ross Kerber in Boston; Editing by David Gregorio

</body></html>