Communications of the ACM

Home/News/The SEC is Giving Companies Four Days to Report Cyberattacks/Full Text

ACM News

The SEC is Giving Companies Four Days to Report Cyberattacks

By Quartz
July 27, 2023
Comments

View as: Print Mobile App Share:

Artist's impression of a hacker at work. — "Cybersecurity intrusions can go beyond the loss of sensitive information and related remediation...they can alter the normal course operations of complex, capital- and infrastructure-intensive businesses," said SEC Commissioner Caroline A Crenshaw.

Credit: Kacper Pempel/Reuters

The U.S. Securities and Exchange Commission (SEC) wants public companies to be more transparent and forthcoming about "material cybersecurity incidents," the federal agency said yesterday (July 26).

Its new rules, passed by a 3-2 vote, dictate companies must disclose details of incidents and their effect on the bottomline in a section of the Form 8-K, a broad form companies use to notify shareholders of major events, within four days of a cybersecurity event.

A delay in filing will only be allowed if the .S. Attorney General determines that "immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing," the SEC said.

Final rules, which will be signed into the Federal Register later this year, will apply to big companies within 30 days. Smaller companies will be given a more generous deadline—180 days—to comply.

From Quartz
View Full Article

No entries found

The SEC is Giving Companies Four Days to Report Cyberattacks

Your Body Is Your Next Security Key

Toward a Solid Acceptance of the Decentralized Web of Personal Data: Societal and Technological Convergence

The Role of Autonomous Machine Computing in Shaping the Autonomy Economy