SEC Considers Rule Requiring Firms to Report Cyber Attacks Within Four Days

The Securities and Exchange Commission is set to vote on a rule that would require companies to report major cybersecurity incidents within four days.




WASHINGTON—Federal regulators are considering a requirement that publicly traded companies disclose data breaches and other significant cybersecurity incidents within four days, as they seek to strengthen financial markets’ resilience to online attacks.

The Securities and Exchange Commission is set to propose a rule that would impose mandatory reporting for companies around cybersecurity. The agency’s four commissioners—three Democrats and one Republican—will vote on the proposal in a public meeting Wednesday. If the proposal is approved, it could be finalized after the agency receives and analyzes feedback from the public.

“Cybersecurity incidents, unfortunately, happen a lot,” SEC Chair Gary Gensler said in prepared remarks, noting that successful attacks affect companies’ finances, operations and reputations. “Thus, investors increasingly seek information about cybersecurity risks, which can affect their investment decisions and returns.”


Companies have long been required to tell the market about risks and incidents they deem to be material to investors, and the SEC has reminded them in recent years to do so in a timely fashion with regard to cybersecurity. But agency officials say companies’ disclosure of such information has been inconsistent.

Wednesday’s proposed rules would be more prescriptive, officials said.

In addition to reporting major cybersecurity events within four days after uncovering them, companies would be required to provide periodic updates about previous incidents. They would also have to report when “a series of previously undisclosed, individually immaterial cybersecurity events has become material in the aggregate.”

Annual reports would also have to outline a firm’s policies for identifying and managing cybersecurity risks, and say whether any member of its board of directors has expertise in cybersecurity.

The SEC will solicit comments on the proposal for at least 60 days before deciding whether to issue a final rule.


Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.
