There Is More to Cyber Incident Reporting Than SEC Disclosure Requirements

September 13, 2024 | 1 minute reading time | By David Weldon

Filing “similar but distinct” reports to multiple agencies diverts resources from dealing with attacks and their aftermath, critics say.

The Securities and Exchange Commission has given regulated entities a steady stream of new rules to comply with and often complain about. Since last December, registrants’ cybersecurity challenges have been compounded by having to disclose material breaches within as few as four business days, and to include in annual reports details about such incidents and how cyber risks are being managed.

In May, amendments were adopted to SEC Regulation S-P calling for written policies and procedures on how financial firms deal with unauthorized access to customer information. “The basic idea for covered firms is, if you’ve got a breach, then you’ve got to notify. That’s good for investors,” said SEC Chair Gary Gensler.

The four-day rule sounded draconian to some. The concerns were at least marginally mollified by when the clock starts ticking: only at the point when an incident’s impact is determined to be material. (See In the SEC’s Cyber Disclosure Rules, Timing Is a Sticking Point)

However, there is more than just the SEC’s cyber-related mandates to contend with.

At a July 25 hearing of a cybersecurity-focused subcommittee of the House...

Topics: Cybersecurity
