SEC Adopts Cyber Incident and Risk Management Reporting Rules
Russia sentences Group-IB founder to 14 years, FraudGPT tool emerges, China blames US for earthquake monitoring center attack, Blame for Alphapo theft pinned on DPRK's Lazarus, much more
Check out my latest CSO column that walks through the details of the new SEC cyber incident and risk management reporting rules.
The US Securities and Exchange Commission adopted rules on cybersecurity risk management, strategy, governance, and incident disclosure for domestic and international registrants that set a four-day deadline for publicly disclosing cyber incidents that have a material impact.
Companies could delay disclosure if revealing information about a hack would pose a significant risk to national security or public safety, as determined by the US attorney general, while other deadline extensions are available for companies currently required to disclose incidents under the FCC’s reporting rules.
The rules also require registrants to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous …