The SEC’s New Take on Cybersecurity Risk Management

May 28, 2024 at 11:02AM
Generative AI presents new risks, prompting the SEC to introduce cybersecurity rules for publicly traded companies. Clorox incurred $49M in costs due to a cyberattack, with ongoing financial impacts. Prudential Financial voluntarily disclosed a breach, and UnitedHealth faced a massive attack that could cost up to $1.6B. Lessons emphasize visibility, …

CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules

May 17, 2024 at 10:03AM
CISO Steve Cobb noticed public companies seeking more control over third-party incident response in light of the SEC’s cybersecurity risk management ruling, which affects how companies handle incidents. 68% of cybersecurity teams doubt their ability to comply with the SEC’s four-day disclosure rule. Larger public firms are better equipped than …

Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules

February 4, 2024 at 10:42AM
President Biden will veto Republican lawmakers’ attempt to overturn the Securities and Exchange Commission’s recently implemented cyber incident disclosure rules. These rules require public companies to disclose material breaches within four business days. The White House argues that the rules promote transparency and incentivize companies to invest in cybersecurity, benefitting …

Finance orgs have 30 days to confess cyber sins under incoming FTC rules

October 31, 2023 at 12:22PM
New US law enforcement regulations allow for the delay of public disclosure of security breaches if a written request for an extension is granted. The amendment applies to breaches involving the theft of unencrypted data belonging to at least 500 consumers. The FTC estimates that the amendment will affect approximately …