Tweet
The US Securities and Exchange Commission (SEC) has proposed rules which, if passed, would force public companies to report on cyberattacks within 96 hours of their discovery, as well as issue periodic reports on how they manage cybersecurity risks.
The SEC is suggesting a change to the requirements for the Form 8-K to include reporting on malware and other cybersecurity incidents “within four business days after the registrant determines that it has experienced a material cybersecurity incident.”
The 8-K form is usually used by public companies to announce major changes or events that would impact shareholders.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Furthermore, the SEC suggests changes to the quarterly 10-Q report, and the annual 10-K report, in which companies would report on previously undisclosed incidents that “become material in the aggregate”. In other words, they don’t need to report minor incidents within four days, but ten minor incidents, that mount up to a bigger one, need to be reported every once in a while.
The forms would also be used to report on policies and procedures the companies are using, as they manage cyber-risk.
“Today, cybersecurity is an emerging risk with which public issuers increasingly must contend,” SEC Chair Gary Gensler said in a statement. “Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.”
Read more
Lately, US regulators have been pushing for tiger legislation with regards to cybersecurity.
A week ago, the Strengthening American Cybersecurity Act was introduced by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee.
Under the act, which is currently heading to the House for a vote, American critical infrastructure organizations will be forced to report cybersecurity incidents on their endpoints within 72 hours, and any ransomware payments within 24 hours.
[ul]
[li]Stay safe with our list of the best antivirus solutions right now[/li][/ul]
Via: The Register
Continue reading…
The SEC is suggesting a change to the requirements for the Form 8-K to include reporting on malware and other cybersecurity incidents “within four business days after the registrant determines that it has experienced a material cybersecurity incident.”
The 8-K form is usually used by public companies to announce major changes or events that would impact shareholders.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]Cybersecurity is an emerging risk[/HEADING]
[HEADING=1]Cybersecurity is an emerging risk[/HEADING]
The forms would also be used to report on policies and procedures the companies are using, as they manage cyber-risk.
“Today, cybersecurity is an emerging risk with which public issuers increasingly must contend,” SEC Chair Gary Gensler said in a statement. “Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.”
Read more
Major companies will now need to declare cyberattacks to the CISA immediately
Ransomware attacks saw a huge rise in 2021
The average ransomware group only lives for two years
Ransomware attacks saw a huge rise in 2021
The average ransomware group only lives for two years
A week ago, the Strengthening American Cybersecurity Act was introduced by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee.
Under the act, which is currently heading to the House for a vote, American critical infrastructure organizations will be forced to report cybersecurity incidents on their endpoints within 72 hours, and any ransomware payments within 24 hours.
[ul]
[li]Stay safe with our list of the best antivirus solutions right now[/li][/ul]
Via: The Register
Continue reading…