The US Securities and Exchange Commission (SEC) has proposed a new rule that would force public companies to disclose cyberattacks within four days. Industry leaders reacted on how this new rule will ensure that organisations are more transparent with their stakeholders.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Public organizations are a key target for cybercriminals, and it often pays. Mimecast’s research show that the average ransomware attack payment for successfully targeted US organizations is $6 million and more that £600,000 for UK organizations. Aside from the financial damage caused by these attacks, organizations also risk losing the trust their stakeholders including customers, investors and employees place in them. To demonstrate just how risky it is to pay a ransom, our latest State of Email Security report found when faced with a ransomware attack, 64% of respondents reported they paid the ransom, yet nearly 4 out of 10 of them failed to recover their data.
The proposed new rule by the SEC, which would require public organizations to disclose cyberattacks withing four days, will ensure that organisations are transparent when it comes to disclosing breaches and should also help their leaders place more importance on cyber resilience.
Cyberattacks are the on rise and it is often a question of if, not when one will occur. It is vital business leaders have adequate, multi-layered cybersecurity measures in place as well as a well-rehearsed cyber resilience response plan. Cybersecurity awareness training for their staff that is frequent and engaging is also a crucial defence against cyberattacks.