Leading cyber group warns of ‘security risks’ in new SEC incident reporting requirement

The new SEC cybersecurity rule will require companies to publicly disclose cyber incidents on a four-day deadline that may be insufficient to effectively remediate a system intrusion, according to the Center for Cybersecurity Law and Policy, a nonprofit security advocacy group.

“The transparency required by this landmark rule may be useful to some investors and prompt stronger security practices. However, the new requirements to disclose material cyber incidents on a short deadline creates security risks to companies,” CCPL’s Harley Geiger...