Will Proposed SEC Cybersecurity Disclosure Rules Enhance Defenses or Hamper Responses? There’s Still Time to Assess and Comment.

0
252

Proposed rules relating to incident reporting aim to improve cybersecurity in public companies, but FTI Consulting’s Jordan Rae Kelly suggests the SEC’s well-intentioned requirements could have unintended consequences.

The SEC recently voted in favor of a proposal that would require publicly traded companies to report cybersecurity incidents and data breaches within four days, as well as disclose updates regarding previous incidents.

The proposed rules are subject to a public comment period through May 9, 2022.

The Best of Intentions …

In a speech presented at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute, SEC Chairman Gary Gensler stated that the agency is working to “improve the overall cybersecurity posture and resiliency of the financial sector.”

This proposal follows a global trend of increased attention and corresponding regulation regarding cybersecurity, and the expectation that organizations are doing all they can to protect their own interests and the interests of their customers and clients (e.g., personal information).

The proposed SEC regulation aside, organizations should already be determining and analyzing how to properly invest in cybersecurity. However, this may serve as…

Подробнее…