Rule Hastening Disclosure of Cyber Breaches Likely to Ignite Litigation, Insurance Headaches
Cybersecurity and data privacy attorney Shardul Desai was featured in a Corporate Counsel article discussing the challenges public companies will face in complying with the U.S. Securities and Exchange Commission's (SEC) new cybersecurity incident reporting rule. The rule requires public companies to report cybersecurity incidents deemed material within four days and provide annual disclosures on cybersecurity risk management and oversight. Mr. Desai emphasized the importance of companies assessing their third party vendors' cybersecurity protocols and suggested including timely disclosure provisions in contracts to help ensure materiality determinations can be made to comply with the shortened reporting timeline.
"If the parties understand the types of information that can be shared quickly during a cybersecurity incident, it would go a long way to ensure that companies meet their requirement," he said.