SEC Issues New Guidelines for Disclosing Cybersecurity Risks

The U.S. Securities and Exchange Commission issued new guidance calling on public companies to be more forthcoming when disclosing cyber security risks within their organization, even before a breach or cyber-attack occurs.

The commission’s five members voted unanimously to approve the guidance, however, both democratic commissioners feel there needs to be more action taken by companies. These two members hope that this is just the first step towards defeating actors who use technology to threaten the United States.

In the guidance, the commission urged companies to create policies that allow them to quickly assess cyber security risks and decide when to tell the public, and also prevent executives, board members, and other corporate insiders from trading shares when they having important information that hasn’t been released to the public yet.

“Given the frequency, magnitude and cost of cybersecurity incidents, the commission believes that it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cyber security risks but may not yet have been the target of a cyber-attack,” the SEC said.

The SEC added that while companies are not required to disclose sensitive information that could compromise the company’s’ cyber security measures, they absolutely cannot use internal or law enforcement investigations as an excuse for not informing the public of the security incident, something that’s been done all the often in the past.

The SEC did not mention any specific security incidents in the guidance, but it does come just a few months after the massive Equifax data breach that impacts over 145 million individuals. Equifax was harshly criticized for how low they took to inform users about the incident that was one of the largest breaches of consumer private financial data in history. The Justice Department is also investigating Equifax for large sales of shares by executives made between when the company learned of the breach and when it became public.

 

Read the article on Tech Crunch

 

Cloud and Container Security
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
Information
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.