August 24, 2023
Everybody is talking about disclosure rules…
Ok, maybe not everybody, but the SEC and NCUA have been!
The SEC recently adopted rules for disclosure regarding cyber incidents. These rules have been put into place to give investors more insight into the risks associated with public companies, as well as to give these companies a nudge to take steps to improve their cybersecurity practices. This hasn’t come without a little confusion about which incidents to report and what information should be reported. The SEC requires material incidents to be reported on Form 8-K within four (4) days of determining an incident is material. But is that enough time to ensure you have enough data to determine the incident was indeed material? Reporting an incident as material too early, when it turns out not be material after a thorough investigation, can have a negative impact on the company and how investors view it. On the other hand, waiting to say an incident is material while taking too long collecting data may not only cause concern from investors, but also the SEC for waiting too long to report. This is a bit of a no-win situation for public companies. Wanting to see more discussion involving material incidents, how they are defined, and when they should be reported see current rules: https://www.sec.gov/newsroom/press-releases/2023-139
Also, a reminder that the revised NCUA reporting requirements for cyberattacks goes into effect next week (September 1, 2023). We brought this to your attention back in February when the NCUA Board approved the rule. This revised policy states all federally insured credit unions are required to report cyber incidents within 72 hours of discovery. For more details: https://ncua.gov/newsroom/press-release/2023/ncua-board-approves-final-rule-cyber-incident-reporting-requirements
Authored by: Brad Goetsch
You May Want to Read More:
Cloud Solutions - Vendor Management to Security Management - WST
August 17, 2023
Proper due diligence of your vendors is an important part of your information security program. When one of your vendors....
The Next Best Seller? FFIEC BSA Exam Manual Updates - WST
August 10, 2023
It’s been a hot minute, but last week the FFIEC rolled out updates to BSA/AML Examination Manual....
MFA Notification Fatigue Attacks - WST
August 3, 2023
I can still recall my first horror movie starring a werewolf. The bad news was that a scary monster was coming. The good news, there...