SEC Implements New Rule Requiring Firms to Disclose Cybersecurity Breaches in 4 Days




What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience.

This means companies will need to regularly share information about how they're managing cybersecurity risks and any significant cybersecurity incidents they've had. If a company experiences a significant cybersecurity incident, they'll need to report it within four business days.

SEC Chair Gary Gensler said: "Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today's rules will benefit investors, companies, and the markets connecting them."

Why is this important? This new rule is likely to make cybersecurity a higher priority for companies. It could lead to increased investment in cybersecurity measures, as companies will want to avoid the potential negative publicity and financial implications of a breach. This is particularly relevant for C-level execs, and not only those in public companies. The new rules are likely to be particularly beneficial for companies in the cybersecurity and compliance space, which are likely to see increased focus and budget allocation as a result.

What do people think? There are quite a few opinions about this new rule. They vary markedly depending on who you ask. InfoSec professionals are looking at this from another lens and are not particularly impressed. I recommend forwarding this WSJ article to your C-level execs as budget ammo.

