Blog
SEC requires reporting cyberattacks within 4 days, but not everyone may like it.
By Graham Cluley on Thu, 07/27/2023
New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules , although undoubtedly well-intentioned, are likely to leave some firms angry that they are being "micromanaged" and - it is argued - could even assist attackers. From December 2023, listed firms are...