In 2023, the Securities and Exchange Commission (SEC) significantly tightened its cybersecurity regulations for publicly traded companies. This move, aimed at enhancing investor protection and ensuring market transparency, responds to the increasing prevalence of cyber threats and their potential to disrupt business operations and financial stability.
New Rules for Incident Disclosure
The SEC’s updated regulations require companies to disclose cybersecurity incidents within four days of determining their material impact. Companies must swiftly evaluate the scope and severity of any cyberattack, including the nature and amount of data compromised and the potential business, legal, or regulatory impacts. The goal is to provide timely and accurate information about incidents that could affect a company’s financial health or market performance.
Case Studies: Clorox, Prudential Financial, and UnitedHealth
Recent cyber incidents involving Clorox, Prudential Financial, and UnitedHealth offer insights into how companies handle these new requirements.
Clorox: In August 2023, Clorox faced a major cyberattack that disrupted its automated order processing system, leading to significant delays and product shortages. This disruption is expected to cost the company between $57 million and $65 million in fiscal year 2024, largely for IT recovery and professional services. Additionally, Clorox’s Chief Information Security Officer (CISO) left the company following t
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.