SEC: reactions to new cyber incident disclosure rules
Challenges and opportunities: expert comments on the new SEC guidelines
The US Securities and Exchange Commission (SEC) has introduced guidelines requiring companies to disclose cyber incidents within four business days. The new regulation has sparked a debate among cybersecurity experts. While some voices are voicing concerns about privacy and information accuracy, others see an opportunity to increase transparency and incentivize cybersecurity investments.
The United States Securities and Exchange Commission (SEC) recently introduced new guidelines regarding the disclosure of cyber incidents. These require public companies to disclose relevant incidents and vulnerabilities immediately. The SEC also proposed a change to the timing of notifications, which should be done within 4 business days of the incident being identified.
Debate between cybersecurity experts
The change has sparked heated debate among cybersecurity experts. While some argue that these rules are essential to increase transparency, others fear it could lead to premature and potentially inaccurate information. Cybereason CEO Lior Div expressed concern about the privacy impact, suggesting that a four-day notification time may not be sufficient for an accurate assessment.
Differences of opinion in the industry
While privacy concerns are present, Neil Jones, market focus lead of cybersecurity at EY, highlights the benefit of increased transparency and the effectiveness of an accountability framework. Avanan CEO Gil Friedrich believes these new rules could provide an incentive for companies to invest in cybersecurity.
The impact of the new rules
The SEC's new guidelines regarding the disclosure of cyber incidents could bring both benefits and challenges. The practical implications of the new rules for businesses and cybersecurity professionals will remain to be seen. It is certain, however, that the decision marks an important step towards making companies more accountable for the management of cyber incidents. The long-term effect could be a significant shift in cybersecurity culture, with organizations becoming more proactive in preventing attacks and more transparent in their communication when they occur.
Follow us on Google News for more pills like this07/28/2023 13:19
Marco Verro