New cybersecurity reporting requirements for publicly traded companies are expected to be enacted in the spring of 2023, with proposed rules from the US Securities and Exchange Commission (SEC) looking for more information and transparency from those hit with security incidents.
Under the proposal, the SEC would implement three new rules that public companies will need to follow:
A requirement that companies report any cybersecurity event within four business days of determining that it was a material incident.
Mandatory disclosures regarding the board of directors’ oversight of cybersecurity risk as well as details about the cybersecurity expertise and experience of individual board members.
Mandatory disclosures about management’s role in addressing cybersecurity risk.
The SEC action has — or should have — security leaders, their C-suite colleagues, and board directors prepping for the new steps they’ll have to follow. And it should have executives at private companies and other entities taking note, as the SEC action could have a trickle-down impact.
To read this article in full, please click here
More Stories
Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox
Kryptina, a free Ransomware-as-a-Service tool available on dark web forums, is now being used by Mallox ransomware affiliates Read More
Hacking the “Bike Angels” System for Moving Bikeshares
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system...
Vulnerabilities Found in Popular Houzez Theme and Plugin
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users Read...
Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure
An overall rise in cyber incidents coming from Russian-aligned adversaries in 2024 was accompanied by a decrease in high and...
Quantum Computing and Cybersecurity – Preparing for a New Age of Threats
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...
LinkedIn Pauses GenAI Training Following ICO Concerns
The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training Read More