Wall Street’s watchdog voted to unveil a rule on Wednesday that aims to enhance how public companies disclose when they experience a breach, and how soon.
Under the proposed Securities and Exchange Commission (SEC) measures, a company would have to spell out when it experiences a risk and what strategies it has employed to address and manage such risks in current report filings, including Form 8-K.
The rule changes, which are subject to public consultation, would also require an analysis of how the cyber risks are likely to affect the company’s financials. This would allow investors to assess these risks more effectively, and to locate them more readily, the SEC said.
The 3-1 vote by the commission to issue changes comes at a time of growing regulatory concern about how cyber security issues could affect markets and investors. Regulators have warned, for example, of cyber attacks from Russia in retaliation for Western sanctions.
President Joe Biden’s administration has also ratcheted up its focus on the issue after a recent series of high-profile cyber attacks on U.S.-based companies.
“The interconnectedness of our networks, the use of predictive data analytics and the insatiable desire for data are only accelerating, putting our financial accounts, investments, private information at risk,” SEC Chair Gary Gensler said on Wednesday.
“They’re like honeypots sitting inside of companies and investors want to know more about how issuers are managing those growing risks.”
Wednesday’s measure would also require…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
