SEC requires reporting cyberattacks within 4 days, but not everyone may like it.

3 years ago Graham Cluley
sec

New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they are being “micromanaged” and – it is argued – could even assist attackers. From December 2023, listed firms are required to report details about “material” cyberattacks describing “the incident’s nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant.” What does…

The post “SEC requires reporting cyberattacks within 4 days, but not everyone may like it.” appeared first on TripWire

Source:TripWire – Graham Cluley

Tags:

More Stories

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

9 hours ago [email protected] (The Hacker News)

Toxic Combinations: When Cross-App Permissions Stack into Risk

16 hours ago [email protected] (The Hacker News)

Why Most AI Deployments Stall After the Demo

3 days ago [email protected] (The Hacker News)

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

6 days ago [email protected] (The Hacker News)

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

7 days ago [email protected] (The Hacker News)

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

7 days ago [email protected] (The Hacker News)