New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they are being “micromanaged” and – it is argued – could even assist attackers. From December 2023, listed firms are required to report details about “material” cyberattacks describing “the incident’s nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant.” What does…
This article has been indexed from Blog RSS Feed
Read the original article: