It is bad enough that firms and publicly traded companies have to make sure that their respective IT architecture is safe and secure, but recent developments demonstrate that you have to be weary regarding the media outlet with who you share material, non-public information.
The SEC and the DOJ in a joint effort have brought civil and criminal proceedings against individuals part of an international scheme who hacked the systems of certain media outlets to steal and then trade on material non-public information.
Unfortunately, these events only further demonstrate that, no matter how good your security system may be, you are ultimately at risk of a cyber-attack that may be perpetrated on one of your vendors, or a media outlet. As to the latter, it would seem as though the only foolproof protection is not to provide media outlets with this information.
I doubt that any media outlet would give you any sort of assurances going forward that their systems are not exposed to such a strike. Nevertheless, if you are sharing this information before a public announcement, do your homework.
Ask about the media outlet’s data security program. Explore whether and how frequently the outlet tests its systems against unwanted intrusions. Ask whether they have ever been subject to an attack.
Only after you have reasonable comfort should you share such information. Otherwise, just save it for your public announcement or submission with the SEC.