SEC Sets 4-Day Deadline for Public Companies to Report Hacks (3)
Data privacy attorney Shardul Desai was quoted in an article published by Bloomberg Law discussing how companies hit by cyberattacks are facing a four-day deadline for publicly disclosing significant impact under controversial new rules recently approved by the U.S. Securities and Exchange Commission (SEC). The new rules would require publicly traded firms to file details of a cyberattack within four days of identifying that is has a material impact. In the article, Mr. Desai said companies were concerned that the SEC was vague in defining how an incident would become material in the regulator’s eyes.
"How much detail is going to be required in that 8K filing without these companies knowing all the details?" Mr. Desai said.