New U.S. SEC rule requires public companies to disclose cybersecurity breaches in 4 days
www.ctvnews.ca
The Securities and Exchange Commission adopted rules Wednesday to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety risks.

U.S. rule requires public companies to disclose cybersecurity breaches in 4 days::The Securities and Exchange Commission adopted rules Wednesday to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety risks.

  • evatronic@lemm.eeEnglish
    14·
    11 months ago

    Technically, the clock doesn’t start ticking on the four-day window for reporting until companies have determined a breach is material.

    It’s not all breaches. In fact, because this is the SEC, it’s about financial impact, not privacy or security.

    It’s a good start, but I worry that a financial impact based approach creates the wrong incentive.