Caute_cautim
Community Champion

SEC now requires companies to disclose cyberattacks in 4 days

Hi All

 

I wonder whether organisations will actually comply with this requirement?

 

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-i...

 

How will smaller companies comply?

 

Regards

 

Caute_Cautim

5 Replies
JKWiniger
Community Champion

Smaller companies will not be affected by this because it only applies to publicly traded companies. I think once a company gets to that point they are no longer small.

 

What I don't see is any kind of penalty if a company does not disclose in time or at all.

 

John-

Caute_cautim
Community Champion

@JKWiniger   I agree, I have asked the question on social media, but no response as yet.  Apparently not implemented before December 2023.  So it will be interesting what the reaction will be from organisations as a whole.

 

Regards

 

Caute_Cautim

ericgeater
Community Champion

I find it interesting that publicly traded companies get all these requirements, but SMBs struggle to determine their own cyber-centric identity, posture, and value.  It wasn't until yesterday that I learned about the FTC's Section 314, which only broadly addresses cybersecurity through the eyes of consumer protection.

 

No matter, good move on SEC's part.

-----------
A claim is as good as its veracity.
JKWiniger
Community Champion

@Caute_cautim I wasn't sure if I should make this a new post or just reply... From the same SEC change comes.. Companies Must Have Corporate Cybersecurity Experts! 

 

I think this is a step in the right direction..

 

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-sa... 

 

John-

 

 

Caute_cautim
Community Champion

@JKWiniger    Excellent news then.... yay

 

Regards

 

Caute_Cautim