The Securities and Exchange Commission has officially reached the implementation dates for its historic cyber incident reporting requirements. The rules, which require companies to report material cyber incidents within four business days of determination, are leading to significant changes in how companies prepare for and implement cyber risk strategies at the highest levels of publicly […]
One of the biggest apparel companies in the world reported a “material” cyberattack to the U.S. Securities and Exchange Commission (SEC) on the first day that a new cyber incident reporting rule went into effect. VF Corporation said it detected unauthorized activity on a portion of its information technology systems on December 13 and was […]
The leader of the Securities and Exchange Commission’s Division of Corporate Finance downplayed concerns that the agency’s new cybersecurity rules will provide a roadmap to threat groups about their attacks or place an undue burden on security executives. Erik Gerding, director of the Division of Corporate Finance, said staff carefully considered those issues as part […]
The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). The document is a followup to new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents and share the details of their cybersecurity risk management, strategy […]
Editor’s note: This story is developing and will be updated. The Securities and Exchange Commission charged SolarWinds and its CISO Timothy Brown with fraud and internal control failures for allegedly misleading investors about its cybersecurity practices leading up to the Sunburst attack discovered in December 2020. The SEC on Monday alleged the company overstated its […]
The US Securities and Exchange Commission is launching its own investigation into the vulnerability in Progress Software’s MOVEit transfer tool that exposed data from more than 2,000 organizations and 60 million individuals. Tracked as CVE-2023-34362, the flaw was exploited as a zero-day by the notorious Russia-linked Cl0p ransomware group to steal data from organizations using […]
The Securities and Exchange Commission introduced new requirements for disclosing material cybersecurity incidents on Sept. 5, placing pressure on organizations to adopt robust reporting mechanisms. The C-suite impact is clear: company leadership must be able to quickly determine whether an incident is material to business operations. A four-business-day clock at that point starts ticking, a […]