Key takeaways:
- Under new guidelines by US SEC, public companies in the country would have four days to notify the SEC of any significant cybersecurity issues.
- After the new financial release has been published in the Federal Register, the new guidelines will take effect 30 to 180 days later.
Under new guidelines established by the United States Securities and Exchange Commission (SEC), public companies in the country, including listed cryptocurrency firms, would have four days to notify the SEC of any significant cybersecurity issues.
The US SEC guidelines mandate that any publicly traded corporation disclose any cyberattack within four days of it being judged “material,” except in situations where doing so may pose a risk to public safety or national security.
According to the SEC, the regulations have been adopted as of July 26 and will go into effect 30 days after the adoption release is published in the Federal Register.
Additionally, it will be necessary to provide regular updates on previously reported cybersecurity incidents as well as periodic reporting of a registrant’s policies and practices for identifying and managing cybersecurity risks. It’s still unclear how firms would determine which security lapses could cost them money.
According to the SEC’s statement from July 26, the upcoming guidelines are designed to help investors by enhancing cybersecurity risk management practices. Gary Gensler, the SEC’s chair, stated:
“Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them,”
The majority of publicly traded firms currently disclose cybersecurity risks in their investor materials, but the SEC has not yet required them to do so.
Companies that are publicly traded and overseas private issuers are also required to provide information about how their board manages cybersecurity risks and information on management’s role and level of experience in identifying and controlling material risks from “cybersecurity threats.”
After the new financial release has been published in the Federal Register, the new guidelines will take effect 30 to 180 days later. The entire 180 days will be given to smaller businesses to start making their statements. Any publicly traded corporation in the United States is subject to the new regulations.
According to the SEC, the need for new regulations arose from the growth of digital payments and labor operations and criminals’ capacity to profit from cybersecurity mishaps.
Hacks have a history of disastrously impacting a company’s stock price. A $3.4 million read-only reentrancy attack on EraLend launched a few days ago. However, due to the security compromise, EraLend immediately stopped all borrowing operations on their site.
