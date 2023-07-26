Advertise
Be Remarkable
Texas Summer Fun
Restaurant Report Card
Tell Me Something Good
Legal Minute
Minuto Legal

New SEC rule requires public companies to disclose cybersecurity breaches in 4 days

FILE - The seal of the U.S. Securities and Exchange Commission at SEC headquarters, June 19,...
FILE - The seal of the U.S. Securities and Exchange Commission at SEC headquarters, June 19, 2015, in Washington. The SEC adopted rules Wednesday, July 26, 2023, to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety risks.(AP Photo/Andrew Harnik, File)
By The Associated Press
Published: Jul. 26, 2023 at 12:43 PM CDT|Updated: 58 minutes ago
Email This Link
Share on Pinterest
Share on LinkedIn

WASHINGTON (AP) — The Securities and Exchange Commission adopted rules Wednesday to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety risks.

The new rules, passed by a 3-2 vote, also require publicly traded companies to annually disclose information on their cybersecurity risk management and executive expertise in the field. The idea is to protect investors.

Breach disclosures can be delayed if the U.S. Attorney General determines they would “pose a substantial risk to national security or public safety” and the company notifies the SEC in writing. Only under extraordinary circumstances could that delay be extended beyond 60 days.

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” SEC Chair Gary Gensler said in a statement, noting the current inconsistency in disclosures.

The rules will put “more transparency into an otherwise opaque but growing risk” and may spur improvements in cyber defenses — though potentially posing a bigger challenge for smaller companies with limited resources, Lesley Ritter, senior VP at Moody’s Investors Service, said in a statement.

The rules were first proposed in March 2022, when the SEC determined that breaches of corporate networks posed an escalating risk as their digitization of operations and remote work increased — and the cost to investors from cybersecurity incidents rose.

While some critical infrastructure operators and all health care providers must by law report breaches, no federal breach disclosure law exists.

In a new report published by IBM, researchers found organizations now pay an average of $4.5 million to deal with breaches — a 15% increase over the past three years. The Ponemon Institute researchers also found that impacted businesses typically pass the costs on to consumers, who may themselves also be victims with personal information stolen in a breach.

The rule’s passage also comes amid slow-moving, often cryptic disclosures — some through SEC filings — from a major data breach affecting hundreds of organizations caused by the so-called supply chain hack by Russian cybercriminals of a widely used file transfer program, MOVEit. The breach has impacted multiple universities, major pensions funds, U.S. government agencies, more than 9 million motorists in Oregon and Louisiana and companies including the BBC, British Airways, Ernst & Young and PricewaterhouseCoopers.

Copyright 2023 The Associated Press. All rights reserved.

Most Read

According to a news release, the theme park will feature “an Americana-themed environment with...
New $2B theme park and resort as big as Disney’s Magic Kingdom is coming to Oklahoma
Jason Nelson, of China Spring, who served in an Army special operations unit in Afghanistan,...
China Spring veteran fatally shot man who allegedly threatened to kill women at Waco’s Hotel Indigo
Acacia Adams is facing three counts of manslaughter in the deadly fire at the Northgate...
Lacy Lakeview Fire: Woman burned incense stick after gasoline spilled inside unit, ‘recklessly’ igniting deadly inferno, document states
This comes days after Zuri’s mother, Penelope, died on July 19.
Cameron Park Zoo grieves death of baby giraffe Zuri
Former tenants speak out after neighbor turns herself in for allegedly starting deadly Lacy...
‘She’s a monster’: Tenants who survived deadly fire at Northgate Apartments react to arrest of Acacia Adams

Latest News

Smoke rises from a construction crane that caught fire in Manhattan, Wednesday, July 26, 2023,...
Pedestrians scatter as fire causes New York construction crane’s arm to collapse and crash to street
Irish singer Sinead O'Connor is seen at the Grammy Awards at New York's Radio City Music Hall,...
Sinéad O’Connor, gifted and provocative Irish singer, dies at 56
Thankfully, the worker was OK!
WATCH: Worker slips while feeding 700-pound gator
The Oklahoma Highway Patrol said Kamarion Lee and his mother, 23-year-old Alyssia Lee, were...
Amber Alert: 10-month-old child, mother missing from Oklahoma
President Joe Biden’s son Hunter Biden arrives for a court appearance, Wednesday, July 26,...
Hunter Biden’s plea deal on hold after federal judge raises concerns over the terms of the agreement