On New Sec 4 Day Rule To Report Cyberattacks

By   ISBuzz Team
Writer , Information Security Buzz | Mar 14, 2022 02:36 am PST

The US Securities and Exchange Commission (SEC) has proposed a new rule that would force public companies to disclose cyberattacks within four days. Industry leaders reacted on how this new rule will ensure that organisations are more transparent with their stakeholders.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Francis Gaffney
Francis Gaffney , Director of Threat Intelligence
InfoSec Expert
March 14, 2022 10:36 am

Public organizations are a key target for cybercriminals, and it often pays. Mimecast’s research show that the average ransomware attack payment for successfully targeted US organizations is $6 million and more that £600,000 for UK organizations. Aside from the financial damage caused by these attacks, organizations also risk losing the trust their stakeholders including customers, investors and employees place in them. To demonstrate just how risky it is to pay a ransom, our latest State of Email Security report found when faced with a ransomware attack, 64% of respondents reported they paid the ransom, yet nearly 4 out of 10 of them failed to recover their data.

The proposed new rule by the SEC, which would require public organizations to disclose cyberattacks withing four days, will ensure that organisations are transparent when it comes to disclosing breaches and should also help their leaders place more importance on cyber resilience.

Cyberattacks are the on rise and it is often a question of if, not when one will occur. It is vital business leaders have adequate, multi-layered cybersecurity measures in place as well as a well-rehearsed cyber resilience response plan. Cybersecurity awareness training for their staff that is frequent and engaging is also a crucial defence against cyberattacks.

Last edited 1 year ago by Francis Gaffney

Recent Posts

Would love your thoughts, please comment.x