Cybersecurity Rule May Prompt Companies to ‘Cry Wolf’: SEC Roundup


Welcome to SEC Roundup, a bimonthly video series by former Securities and Exchange Commission senior trial counsels Nick Morgan and Tom Zaccaro, founders of the nonprofit advocacy group Investor Choice Advocates Network.

Listen in as former federal cybercrime prosecutor Joe Sullivan describes the possible unintended negative consequences of the SEC’s newly effective cyberattack disclosure rule.

The SEC cybersecurity incident disclosure rules that went into effect in December require public companies to report “material” cybersecurity incidents within four business days of determining the incident’s materiality.

As the former chief security officer of Facebook and Uber who experienced his own travails dealing with cyberattacks, Sullivan is concerned that the SEC’s rule could lead to premature or inadvertently inaccurate disclosures due to the inherent conflict between the chief information security officer’s proper impulse to “pull every fire alarm” at the first hint of a hack and the rapidly evolving, forensically challenging nature of cyber breaches.

Contrary to the SEC’s goal in promulgating the rule, many of the resulting disclosures could look more like crying wolf and shouting fire in a crowded theater, without much benefit to investors.
