The U.S. Securities and Exchange Commission (SEC) proposed new regulations to address cybersecurity incidents in public companies. In a press release dated March 9, 2022, the SEC proposed renewed rules for companies, including the need to disclose attacks, among others. According to the reports, the SEC proposed amendments to the existing rules because they lacked adequate measures for companies to curb risk, prepare strategies to thwart cybercrimes, and maintain transparency in disclosing attacks.
The previous rules lacked a comprehensive action plan for addressing the increasing online crimes against companies. Hence, the new amendment includes rules on reporting cybersecurity incidents, giving periodic reports about recent progress made in previous cases, periodically reporting the registrant’s policies, and describing the procedures the company has taken to identify and manage similar cybersecurity incidents.
The proposed rule pointed to the increased cybersecurity risk and its impact on the economy and registrants. It further stated, “Large-scale cybersecurity attacks can have systemic effects on the economy as a whole, including serious effects on critical infrastructure and national security.” When this proposal is followed, investors will have a better understanding of the cybersecurity measures and of the actions that follow the reporting made by companies. The details collected would include the registrant’s risk management activities and governance. This would also help send regular notifications about cybersecurity incidents to the investors.
The proposed rule, as mentioned on the fact sheet, outlines the need for reporting cybersecurity incidents on Form 8-K. The proposal further asks for details about the management’s role in implementing cybersecurity policies and the board of directors’ cybersecurity expertise. Any failure on their part to follow the standard action plan is also to be reported.
The proposal highlighted how companies have suffered financial losses in the recent past.
It read, “In a 2019 survey, chief executive officers of the largest 200 global companies rated ‘national and corporate cybersecurity’ as the number one threat to business growth and the international economy in the next 5 or 10 years.”
Such findings, among others across the globe, have created a need for an overall action plan that includes not only reporting cybercrime but also taking all the necessary steps to curb further risk with proper data disclosure.