Wednesday, May 27, 2026

New Cybersecurity Disclosure Rules Issued for Public Companies - SHRM

Public companies must disclose to shareholders "material" cybersecurity breaches within four business days of determining important information may have been accessed, according to U.S. Securities and Exchange Commission (SEC) final rules announced July 26 and published in the Aug. 4 Federal Register. We've gathered articles on the news from SHRM Online and other media outlets.

What's a Material Incident?

Information is material if there is a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision. The SEC gave examples of a material impact on a company: harm to a company's reputation, customer or vendor relationships, or competitiveness; and the possibility of litigation or regulatory investigations or actions, including regulatory actions by state and federal governmental authorities.

(The National Law Review)

Requirement Streamlined

In the Federal Register publication of the rules, the SEC said it was streamlining the requirement to focus the disclosure primarily on the impacts of a material incident, rather than on requiring details regarding the incident itself. The company must describe the material aspects of the nature, scope and timing of the incident and the material impact on the company, including its financial condition.

(The Federal Register)

Annual Disclosure Requirement

The SEC rules also require public companies to disclose on an annual basis material information regarding their cybersecurity risk...


