https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61263#M923 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1542574691">@JKWiniger</a>&nbsp;&nbsp;&nbsp; Excellent news then.... yay</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sat, 29 Jul 2023 04:47:22 GMT Caute_cautim 2023-07-29T04:47:22Z https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61207#M917 <P>Hi All</P><P>&nbsp;</P><P>I wonder whether organisations will actually comply with this requirement?</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/" target="_blank" rel="noopener">https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/</A></P><P>&nbsp;</P><P>How will smaller companies comply?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:40:06 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61207#M917 Caute_cautim 2023-10-09T10:40:06Z https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61209#M918 <P>Smaller companies will not be effected by this because it only applies to publicly traded companies, I think once a company gets to that point they are no longer small.</P><P>&nbsp;</P><P>What I don't see is any kind of penalty if a company does not disclose in time or at all.</P><P>&nbsp;</P><P>John-</P> Wed, 26 Jul 2023 23:09:05 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61209#M918 JKWiniger 2023-07-26T23:09:05Z https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61210#M919 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1542574691">@JKWiniger</a>&nbsp;&nbsp; I agree, I have asked the question on social media, but no response as yet.&nbsp; Apparently not implemented before December 2023.&nbsp; So it will be interesting what the reaction will be from organisations as a whole.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 27 Jul 2023 03:10:08 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61210#M919 Caute_cautim 2023-07-27T03:10:08Z https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61218#M920 <P>I find it interesting that publicly traded companies get all these requirements, but SMBs struggle to determine their own cyber-centric identity, posture, and value.&nbsp; It wasn't until yesterday that I learned about the <A href="https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314" target="_blank" rel="noopener">FTC's Section 314</A>, which only broadly addresses cybersecurity through the eyes of consumer protection.</P><P>&nbsp;</P><P>No matter, good move on SEC's part.</P> Thu, 27 Jul 2023 13:01:51 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61218#M920 ericgeater 2023-07-27T13:01:51Z https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61251#M922 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>&nbsp;I wasn't sure if I should make this a new post or just reply... From the same SEC change comes.. Companies Must Have Corporate Cybersecurity Experts!&nbsp;</P><P>&nbsp;</P><P>I think this is a step in the right direction..</P><P>&nbsp;</P><P><A href="https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says" target="_blank" rel="noopener">https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says</A>&nbsp;</P><P>&nbsp;</P><P>John-</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 28 Jul 2023 16:12:52 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61251#M922 JKWiniger 2023-07-28T16:12:52Z https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61263#M923 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1542574691">@JKWiniger</a>&nbsp;&nbsp;&nbsp; Excellent news then.... yay</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sat, 29 Jul 2023 04:47:22 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/SEC-now-requires-companies-to-disclose-cyberattacks-in-4-days/m-p/61263#M923 Caute_cautim 2023-07-29T04:47:22Z