WASHINGTON—Federal regulators are considering a requirement that publicly traded companies disclose data breaches and other significant cybersecurity incidents within four days, as they seek to strengthen financial markets’ resilience to online attacks.
The Securities and Exchange Commission proposed a rule Wednesday that would impose mandatory reporting for companies around cybersecurity. Commissioners voted 3-1 to issue the proposal, which could be completed after the agency receives and analyzes feedback from the public.
“Cybersecurity incidents, unfortunately, happen a lot,” SEC Chairman
Gary Gensler
said in prepared remarks, noting that successful attacks affect companies’ finances, operations and reputations. “Thus, investors increasingly seek information about cybersecurity risks, which can affect their investment decisions and returns.” Mr. Gensler was nominated by President Biden.
Do you support tougher rules to regulate crypto? Join the conversation below.
Companies have long been required to tell the market about risks and incidents they deem to be material to investors, and the SEC has reminded them in recent years to do so in a timely fashion with regards to cybersecurity. But agency officials say companies’ disclosure of such information has been inconsistent.
An analysis of 2018 regulatory filings by former Democratic SEC commissioner
Robert Jackson
found that some 90% of known cyber incidents at public companies went undisclosed.
Wednesday’s proposed rules would be more prescriptive, officials said.
In addition to reporting major cybersecurity events within four days after uncovering them, companies would be required to provide periodic updates about previous incidents. They would also have to report when “a series of previously undisclosed, individually immaterial cybersecurity events has become material in the aggregate.”
Annual reports would also have to outline a firm’s policies for identifying and managing cybersecurity risks, and say whether any member of its board of directors has expertise in cybersecurity.
The SEC will solicit comments on the proposal for at least 60 days before deciding whether to issue a final rule.
Write to Paul Kiernan at paul.kiernan@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
24World Media does not take any responsibility of the information you see on this page. The content this page contains is from independent third-party content provider. If you have any concerns regarding the content, please free to write us here: contact@24worldmedia.com
Common Mistakes When Using Athletic Field Tarps
High-Performance Diesel Truck Upgrades You Should Consider
Warehouse Optimization Tips To Improve Performance
Fire Hazards in Daily Life: The Most Common Ignition Sources
Yellowstone’s Wolves: A Debate Over Their Role in the Park’s Ecosystem
Earth Day 2024: A Look at 3 Places Adapting Quickly to Fight Climate Change
Millions of Girls in Africa Will Miss HPV Shots After Merck Production Problem
This Lava Tube in Saudi Arabia Has Been a Human Refuge for 7,000 Years
Four Wild Ways to Save the Koala (That Just Might Work)
National Academy Asks Court to Strip Sackler Name From Endowment
Ways Industrial Copper Helps Energy Production
The Ins and Out of Industrial Conveyor Belts
