SEC Rule Requires Cyber Incident Reporting 

Officials say it will benefit companies and investors.

The Securities and Exchange Commission has adopted a new rule under which companies will have to disclose the nature, scope, timing, and impact of cyber incidents that are “material” to investors. Under the regulation, companies will have to report breaches in cyber security within four days. 

SEC Chairman Gary Gensler stated, “Whether a company loses a factory in a fire—or millions of files in a cybersecurity incident—it may be material to investors. Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way.” 

The rule would require companies to explain the processes they use to assess, identify and manage cyber risks. Concerns have been raised regarding the overlap of the regulation with others that currently require reporting to federal agencies, such as the FBI.

The SEC rule will go into effect 30 days after publication in the Federal Register. 

As the Lord Leads, Pray with Us…

  • For Chair Gensler to seek God’s direction as he heads the Securities and Exchange Commission.
  • For the members of the SEC as they issue corporate regulations regarding cyber security.
  • For the president and administration officials as they promote disclosure of cyber incidents.

Sources: The Hill, JD Supra, CNBC


Back to top