Re: SEC now requires companies to disclose cyberat...

Caute_cautim · ‎07-26-2023

Hi All

I wonder whether organisations will actually comply with this requirement?

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-i...

How will smaller companies comply?

Regards

Caute_Cautim

JKWiniger · ‎07-26-2023

Smaller companies will not be effected by this because it only applies to publicly traded companies, I think once a company gets to that point they are no longer small.

What I don't see is any kind of penalty if a company does not disclose in time or at all.

John-

Caute_cautim · ‎07-26-2023

@JKWiniger I agree, I have asked the question on social media, but no response as yet. Apparently not implemented before December 2023. So it will be interesting what the reaction will be from organisations as a whole.

Regards

Caute_Cautim

ericgeater · ‎07-27-2023

I find it interesting that publicly traded companies get all these requirements, but SMBs struggle to determine their own cyber-centric identity, posture, and value. It wasn't until yesterday that I learned about the FTC's Section 314, which only broadly addresses cybersecurity through the eyes of consumer protection.

No matter, good move on SEC's part.

-----------
A claim is as good as its veracity.

JKWiniger · ‎07-28-2023

@Caute_cautim I wasn't sure if I should make this a new post or just reply... From the same SEC change comes.. Companies Must Have Corporate Cybersecurity Experts!

I think this is a step in the right direction..

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-sa...

John-

Caute_cautim · ‎07-29-2023

@JKWiniger Excellent news then.... yay

Regards

Caute_Cautim

SEC now requires companies to disclose cyberattacks in 4 days