ShiftDelete.net
BİZİ TAKİP EDİN

SEC mandates: Disclose cyber attacks within 4 days!

New SEC rules now mandate US publicly traded companies to report any material cyber attack within four days of identification and others...

SEC mandates: Disclose cyber attacks within 4 days!

In a significant development aimed at improving transparency and protecting investors, the U.S. Securities and Exchange Commission (SEC) has endorsed new rules. As per these rules, publicly traded companies are required to disclose any “material” cyber attack affecting their financial position within four days of detection.

What constitutes a ‘material’ cyber attack?

Gary Gensler, the SEC Chair, equated the impact of a major cyber attack to a physical loss, such as a factory fire. According to him, such an incident “may be material to investors.” The consistency, comparability, and usefulness of the disclosure of cybersecurity incidents to investors are set to improve with these rules.

The rules oblige companies to reveal the nature, scope, and timing of the cyber attack and its impact. However, there could be an additional delay of up to 60 days in disclosing specific details if it poses a significant risk to national security or public safety.

The annual reporting requirement

Additionally, companies must provide an annual description of their methods and strategies for assessing, identifying, and managing substantial cybersecurity threats. They should also detail the effects or risks arising from such events and share information about ongoing or completed remediation efforts.

CEO of Safe Security, Saket Modi, highlighted the keyword ‘material’ and the challenge many organizations might face in determining its meaning, as they may not have the systems to quantify risk.

SEC rules – bridging the cybersecurity gaps

These rules, proposed first in March 2022, aim to increase transparency concerning the threats U.S. companies face from cybercrime and nation-state actors. This policy is a major step towards strengthening cybersecurity defense and disclosure practices and fortifying systems against data theft and intrusions.

Concerns raised about the tight timeframe

Despite the positive feedback on the new rules, some concerns have been raised about the tight four-day reporting window. It’s feared this could lead to potentially inaccurate disclosures as companies might require weeks or even months to thoroughly investigate a breach. Early breach notifications could inadvertently alert other attackers to a vulnerable target, thus escalating security risks.

Regardless, this development marks a significant step towards greater cybersecurity transparency and accountability. What are your views on the new SEC rules? We invite you to share your thoughts in the comment section below.

SDN Yorumları 0 Yorum

Yorum Yap

İlgili Haberler

The image of OPPO Reno 13 has emerged!
The image of OPPO Reno 13 has emerged!
Xiaomi’s new price performance model has emerged!
Xiaomi’s new price performance model has emerged!
Xiaomi announced: Here are the models that will receive the HyperOS 2 update!
Xiaomi announced: Here are the models that will receive the HyperOS 2 update!
Tesla’s autonomous taxi Cybercab is coming to Europe!
Tesla’s autonomous taxi Cybercab is coming to Europe!

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net, İnternet Medyası ve Bilişim Muhabirleri Derneği üyesidir.

Desteklio