SEC requires firms to report cyberattacks within 4 days, but not everyone may like it

Jul 27, 2023

New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC).

The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they being “micromanaged” and – it is argued – could even assist attackers.

Read more in my article on the Tripwire State of Security blog.

Get Free Report & Network Analysis

Please check your email for the free report.