Security News > 2023 > July > SEC demands four-day disclosure limit for cybersecurity breaches
As you can imagine, especially in an online world in which ransomware breaches can bring a company to a digital standstill overnight, and where even coughing up a multimillion-dollar blackmail payment to the attackers for a "Recovery program" might not be enough to get things going again.
Ransomware attacks these days frequently involve cybercriminals stealing copies of your trophy data first, notably including employee and customer details, and then scrambling your copies of those very same files, thus squeezing you into a double-play cybersecurity drama.
Attacks of Type A can be carried out swiftly and directly, without any file exfiltration in advance, by cybercriminals who don't want to risk getting spotted trying to upload large amounts of data.
If you get hit by a Type A attack, but there's no evidence that unencrypted data was exfiltrated, and you successfully restore from backups overnight and get your business back on track again quickly.
If you get hit by a Type B attack, and after paying the crooks off promptly you are inclined to believe that they really did delete the data so that they can no longer disclose it.
Disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.