Published: April 24, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
New rules and regulations for businesses in the U.S. are focused on data breach reporting, a welcome change for many consumers. Chief among them is now a four-day window for businesses to report a cybersecurity incident, with some exceptions. The U.S. Securities and Exchange Commission (SEC) released the new rules now in effect as of mid-December, 2023. It’s a good idea to review them to find out how or if you will be affected to avoid any unwelcome communication from regulators.
As with most new regulations, changes are met with concerns, including over company reputations. With a four-day limit in place to report an incident, it's not much time to mitigate reputation damage with customers.
The second part of this rule requires the breached business to disclose their efforts to manage their own cybersecurity. This also involves disclosing security steps for managing and preventing any previously reported incidents from happening again, a check on cybersecure responsibility.
The exceptions to the four-day disclosure rule center around sensitive data and risks to national security. For instance, it's not practical or smart to expose a U.S. government breach or for an incident where there's not yet a way to mitigate it. Even forced responsibility has its limits with cybersecurity.
Good for Consumers
The SEC regulations aren't meant to punish businesses outright. Rather, it's a welcome step in the right direction for consumers and overall data protection. Companies who choose to keep cybersecurity incidents from becoming known now have to answer to the SEC and the public domain.
The cybersecurity community overall is onboard with the new regulations as they put security in well-needed place of prominence within the business community. If these may affect you, it’s worth taking some time to review them now to avoid problems later. You can go to the SEC’s website for more information. There are links for current regulations as well as those that are proposed.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments