The SEC’s newly proposed deadline for cyber breach reporting ramps up pressure on companies to quickly gauge the business impacts of such events.
Under the Securities and Exchange Commission’s proposed rule, publicly traded companies would have to disclose a cybersecurity incident within four days of determining that it’s considered “material,” or important to the average investor. It’s a departure from other breach notification rules, imposed by states or on certain industries, that lay out a timeframe for companies to disclose after discovering a data leak.
This “subtle shift” puts the onus on companies to comprehend the operational and strategic ...