A Practical Guide to the SEC Cybersecurity Rules

Imagine making a significant stock investment in the latest hot tech startup—only to find out, much later, that the firm had been the victim of an undisclosed data breach that seriously damaged its customers, reputation, and infrastructure. Would you have invested in the first place had you known the truth? 

Fortunately, investors no longer have to dread the financial losses of this scenario, thanks to the new U.S. Securities and Exchange Commission (SEC) cybersecurity rules that place significant new reporting requirements on public companies under its jurisdiction. The 2023 FBI IC3 report revealed that data breaches caused over $534 million in losses last year, showing the need for better cybersecurity regulations and disclosures in the financial sector.

The new regulations require reporting any ‘material cybersecurity incident’ to the SEC, in its prescribed format, within four business days of the incident occurring. In addition, you must have processes to rapidly determine whether an incident is ‘material’ and have management and board responsibilities assigned to assess and manage material cybersecurity risks.

Security training and awareness programs are…
