The US Securities and Exchange Commission (SEC) has implemented new rules that require public companies to promptly disclose material cyber incidents. CFOs are now responsible for disclosing significant cyber incidents within a four-day window. The SEC’s new cybersecurity disclosure rules require public companies to disclose any cybersecurity incident determined to be material within four business days of confirmation.

CFOs need to work closely with Chief Information Security Officers (CISOs) to determine the materiality of cybersecurity incidents and establish effective communication channels. Companies are also required to include cybersecurity management information in their annual reports, and CFOs play a crucial role in ensuring that these reports accurately reflect the company’s cybersecurity practices.

Non-compliance with the SEC’s cybersecurity disclosure rules can have serious consequences, including SEC penalties, investor lawsuits, reputational damage, and financial losses.

CFOs can prepare for the four-day disclosure window by understanding what constitutes a material incident, building a cybersecurity response team, implementing effective incident response processes, providing regular training and awareness programs for employees, engaging external experts to assess cybersecurity practices, and continuously monitoring and improving cybersecurity defenses.

Compliance with the SEC’s cybersecurity disclosure rules can enhance a company’s reputation, build investor trust, and mitigate the financial risks associated with cyberattacks. It also demonstrates a commitment to cybersecurity and can attract potential investors who prioritize sound cybersecurity practices.
CFOs, unlock insights on SEC’s brief 4-day disclosure window