The blockwave ExchangeU.S. Securities and Exchange Commission announced new rules yesterday requiring public companies to disclose cybersecurity incidents as soon as four business days.
SEC Chair Gary Gensler said the disclosure "may be material to investors" and could benefit them, the companies and markets connecting them.
“Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way," he said.
The new rules were proposed in March 2022 after the SEC noted the increase in cybersecurity risks following the way companies pivoted toward remote work, moving more operations online, use of digital payments, increased reliance on third-party service providers for services like cloud computing technology, and how cyber criminals are able to monetize cybersecurity incidents.
Under the new rules, companies are required to fill out the brand new 8-K form, which will have Item 1.05 added to disclose cybersecurity incidents. It will require disclosing and describing the nature, scope, and timing of the incident, material impact or reasonably likely material impact, including the financial condition and results of operations.
If the incident will have a significant effect, then the company has to report it in four days. But if the U.S. Attorney General deems the immediate disclosure a risk to national security or public safety, disclosure could be delayed.
The new regulation requires companies to describe their process assessing cybersecurity threats, how their board of directors oversee cybersecurity threats, and how management assesses the threat.
Foreign companies will use the amended 6-K form to disclose cybersecurity incidents and the amended 20-F form for periodic disclosure.
In this year's "Cost of a Data Breach Report" by IBM Security, the average cost of a data breach in 2023 was $4.45 million, a 2.3% increase from 2022 when it was $4.35 million. The United States has lead the way for 13 consecutive years in highest data breach costs. This year, the Middle East, Canada, Germany and Japan also made up the top five countries with the most expensive data breaches.
During ransomware attacks, companies that excluded law enforcement paid 9.6% more and experienced a longer breach at 33 days.
Only one-third of the companies found data breaches themselves, while the rest were reported by the attackers themselves or by a third party. Among industries, health care had the highest data breach costs in the U.S. this year, followed by the financial, pharmaceutical, energy, and industrial sectors in order.
2025-05-02 18:202919 view
2025-05-02 17:112328 view
2025-05-02 17:02337 view
2025-05-02 16:581633 view
2025-05-02 16:451577 view
2025-05-02 16:321371 view
Stanley is recalling 2.6 million mugs sold in the U.S. after the company received dozens of consumer
Jerome Powell has chaired the Federal Reserve for five years now. To say it's been a wild ride is al
RHODES, Greece (AP) — A week-old wildfire on the Greek resort island of Rhodes tore past defenses Mo
