A Done Deal: Corporate Cybersecurity Now The SEC’s Business

August 21, 2018

The SEC has made clear that it requires disclosure not only of breaches, but also of the risk of a breach. That means that even though the U.S. has nothing like Europe’s 72-hour reporting rule, part of the GDPR, it does have a de facto reporting rule. This Forbes article summarizes recent SEC statements and their implications for public companies, which now have to report potential cyber-breach risk as well as material incidents in their quarterly (10-Q) and yearly (10-K) filings and, when necessary, in their 8-K Current Report filings. Statistics from the Ponemon Institute graphically illustrate the potential materiality of the issue: its 2017 survey pegged the average incident cost at $3.6 million. Another study finds that the average cyber insurance claim for large companies is about $3.2 million, a figure that is said to include hard costs only, and not such things as reputational damage.

Read the full article at:

