Apparently it takes an alleged Chinese threat to get the New York Times to notice Internet security problems. The Times has escalated from a recent article to an editorial.
NYTimes Editorial 26 February 2013, An Eerie Silence on Cybersecurity, notes a few exceptions, and then remarks:
American companies have been disturbingly silent about cyberattacks on their computer systems — apparently in fear that this disclosure will unnerve customers and shareholders and invite lawsuits and unwanted scrutiny from the government.
In some cases, such silence might violate the legal obligations of publicly traded companies to share material information about their businesses. Most companies would tell investors if an important factory burned to the ground or thieves made off with hundreds of millions of dollars in cash.
Maybe it's better to have a prescribed burn of released breach information than to have a factory fire of unprescribed released information.
Why don't companies do this?