SECâs 6-year-old cybersecurity guidance slated for major update>
Software Development Timwa – Matt Santamaria
The U.S. Securities and Exchange Commission (SEC) is updating its cybersecurity guidance that provides information on how publicly traded companies should report data breaches to their investors. The updates are expected to take effect in the first and second quarter of this year, and it will require that investors are notified of all data breaches, instead of only notifying them of major cyber attacks. The new update will include rules about sending timely breach notifications to senior management. Secondly, the upcoming guidance is expected to address how firms should disclose cybersecurity events that represent a material risk to their investors. In addition, it will provide information on how firms can create a blackout to prevent insider trading following a cybersecurity event. âThere is no doubt that with the combination of incoming GDPR implementation and the Equifax event last year, the SEC will increase the spotlight on Incident Response preparedness,â said Sprickerhoff. âFinancial organizations with affiliate or domiciled firms in the U.S. must be prepared to present documentation, policies and procedures, and tangible evidence related to cybersecurity matters, or face the consequences.â
Link: https://sdtimes.com/security/secs-6-year-old-cybersecurity-guidance-get-major-update/