Skip to content
Article

In the SEC’s Cyber Disclosure Rules, Timing Is a Sticking Point

March 8, 2024 | 1 minutes reading time | By David Weldon

Risk and operational concerns center on a four-day reporting deadline, while other principles and objectives are less contested.

Assessment and reporting of cybersecurity incidents, long ingrained as risk-management and business-continuity imperatives, have gotten even closer scrutiny at companies subject to Securities and Exchange Commission cyber disclosure requirements. A rule that took effect in December, mandating release of information on a material breach within four business days, magnified complaints about its complexity, costs and consequences.

In addition to the four-day rule, which applies when there may be significant impact on a listed company’s operations or financial condition, annual disclosures are now required regarding cyber risk management, strategy and governance.

The financial services industry, which is widely regarded as among the most experienced and best prepared in cybersecurity and has supported public- and private-sector strategic and policy cooperation, is less on board with the four-day deadline. Heather Hogsett of the Bank Policy Institute’s BITS technology division summarized the objections in a blog article that argued for reconsideration:

 Heather Hogsett of Bank Policy Institute

“In some cases, disclosure [of an...

to access this content.

Become a GARP Member to Unlock Exclusive Risk Insights and More!

  • Access timely articles, thought leadership, and an archive of on-demand webcasts, event recordings, and Chapter meeting presentations in our Member Multimedia Library.
  • Get regulatory capital data for global and regional banks in North America, Europe, Asia, and Africa through our Pillar 3+ data analytics platform from the GARP Benchmarking Initiative (GBI®).
  • Gain priority registration to attend any worldwide Chapter meeting for free, as well as preferential rates for GARP events and access to local members-only dinners and professional networking opportunities.
  • Receive comprehensive access via our digital GARP Learning platform to the latest curriculum readings, videos, end of chapter practice questions, and more for the program(s) of which you passed the exam(s).

Topics: Regulation & Compliance

Trending

Article

How to Make Stress Tests More Constructive and Informative

February 28

The emphasis in the Fed’s 2025 CCAR exercise is on transparency, which...

Stress Testing & Scenario Analysis
Read Article
Article Members Only

Currencies, Trade and Other Tensions: India’s Balancing Act

February 28

A growth driver within the BRICS bloc “will pursue whatever benefits i...

Geopolitical
Read Article
Article

Technology Risk Lessons from the Rise of DeepSeek

February 28

The rapid ascension of a relatively obscure Chinese AI provider should...

Risks & Risk Factors
Read Article