Security News > 2023 > August > New SEC Rules around Cybersecurity Incident Disclosures
2023-08-02 11:04
The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Public companies must “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats” in their annual filings. The rules go into effect this December. In an email newsletter, Melissa Hathaway wrote:...
News URL
Related news
- Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)
- SEC fines tech companies for misleading SolarWinds disclosures (source)
- Dev + Sec: A collaborative approach to cybersecurity (source)