Bloomberg reports that the Securities and Exchange Commission (SEC) cyber-disclosure guidance has “become de facto rules for at least six companies” including Google and Amazon. According to letters sent by the SEC, the companies were asked to, in future filings, disclose to investors if systems had undergone a cyberattack. Companies have expressed concerns that such admissions can hurt reputations, provide competitors with important information or give rise to consumer litigation, the report states. In its deliberations on cybersecurity legislation, Congress has assessed ways to encourage firms to disclose data breaches, including a voluntary reporting system. Editor’s Note: The IAPP’s recent web conference, The SEC Guidance on Cybersecurity and Incident Disclosure: What You Need to Know, is available for purchase on demand.
If you want to comment on this post, you need to login.