Cybersecurity incident reports among public companies have increased by 60% since the Securities and Exchange Commission adopted new cyber disclosure rules last year, with over three-quarters of disclosures submitted within eight days of incident discovery, CyberScoop reports.However, growing hesitancy and challenges in conducting immediate intrusion assessments necessary to avoid penalties from the SEC have led to materiality being detailed in only a tenth of incident disclosures this year, according to a report from M&A and finance-focused law firm Paul Hastings LLP, which also showed the increasing prevalence of third-party breaches. "Materiality is a sliding scale, weighing risk and likelihood of impact. The exact same breach could happen to two different companies, and based on size of the company and effectiveness of their incident response, one may have to disclose and the other may not," said Paul Hastings Data Privacy and Cybersecurity Practice co-Chair Michelle Reed.
Incident Response
Cyber incident disclosures to SEC spike

Today’s columnist, Erwan Keraudy of CybelAngel, writes that new stringent SEC reporting rules may push companies to get boards more involved in cybersecurity. (Photo by Chip Somodevilla/Getty Images)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



