The SEC’s New Take on Cybersecurity Risk Management

COMMENTARY

The advent of generative AI is surfacing new risks, significantly raising the stakes for businesses around the globe and for marketplace stability. In reaction to the logarithmic growth of cybercrime, the guidance and regulatory landscape is changing rapidly. While the United States has historically preferred frameworks over regulation, 2023 brought a significant regulatory development: the introduction of new cybersecurity rules by the Securities and Exchange Commission (SEC). These rules for publicly traded companies focus on cybersecurity risk management, governance, and incident disclosure. With these rules, which are designed to enhance investor protection and market transparency, the SEC seeks to ensure timely and effective communication of events that affect the financial health or stability of publicly traded companies.

Under the new disclosure rules, registrants must report within four days any cybersecurity incident they have determined to have a “material impact,” meaning it could significantly affect the company’s operations or finances. Companies must therefore swiftly assess the nature and scope of the incident, including the type and volume of compromised data and the…
