Latest SEC Cyber Rules Raise ‘Head Scratching’ Breach Disclosures

The Securities and Exchange Commission’s recently implemented cybersecurity regulations have prompted some breach disclosures from publicly traded firms, such as Microsoft and Hewlett Packard Enterprise.

Among other things, the rules mandate that a “material” cybersecurity event be reported to the SEC within four days of its classification as such. The SEC states that the rules were meant to give investors timely and “decision-useful” cybersecurity information. Nevertheless, experts point out that several of the early disclosures included only rudimentary breach details, leaving significant questions unaddressed.

According to Scott Kimpel, a partner at Hunton Andrews Kurth, “Some of these disclosures, I think, are question-begging. They just provide us with superficial, newsworthy details about the occurrence.”

SEC disclosure for companies: What does it mean?

Companies must assess an incident’s materiality “without unreasonable delay following discovery and, if the incident is determined material, file an Item 1.05 Form 8-K generally within four business days of such determination,” according to SEC regulations.

The disclosure must cover the incident’s “material impact or reasonably likely material impact,” as well as the material aspects of its nature, scope, and chronology.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
