back to article SEC proposes four-day rule for public companies to report cyberattacks

A new rule proposed by the US Securities and Exchange Commission (SEC) would force public companies to disclose cyberattacks within four days along with periodic reports about their cyber-risk management plans. Specifically, the proposed rule would amend the Form 8-K reporting requirements to include cybersecurity incident …

  1. Clausewitz 4.0 Bronze badge
    Devil

    Disruptive Cyber

    Try to protect those networks with SCADA interconnections.. Like valves, gas pumps, fissile material, eletric grid switches, heavy machinery, etc...

    The rest is just childs play. They will encrypt a few documents/databases and your insurance will cough up some millions to the kids.

    Business as usual.

  2. HildyJ Silver badge
    Thumb Up

    Good but legislation still needed

    The SEC action is a welcome one as it will apply to publicly traded companies in general.

    But the congressional legislation is still needed since some companies are privately held (like Kaseya) or otherwise don't fall under the order.

    1. Yet Another Anonymous coward Silver badge

      Re: Good but legislation still needed

      It also incentives companies to reduce security monitoring. If you don't know about an attack, you don't have to report it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022