The SEC’s newly proposed deadline for cyber breach reporting ramps up pressure on companies to quickly gauge the business impacts of such events.
Under the Securities and Exchange Commission’s proposed rule, publicly traded companies would have to disclose a cybersecurity incident within four days of determining that it’s considered “material,” or important to the average investor. It’s a departure from other breach notification rules, imposed by states or on certain industries, that lay out a timeframe for companies to disclose after discovering a data leak.
This “subtle shift” puts the onus on companies to comprehend the operational and strategic ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.