
“We observe the enormous exposure companies have both internally and externally due to their ever-growing supply chain dependencies. Such disclosures, made responsibly by leading companies such as Microsoft for a long time, are now being enforced by the SEC on publicly traded companies and will diffuse rapidly to their entire supply chains. Only last month, CISA announced a significant cyber-attack from China, compromising 25 organizations and agencies in the US, including the State Department and Department of Commerce, by hacking Microsoft accounts. The attack allowed the hackers to gain access to sensitive information and compromise various networks, leading to one of the most significant cybersecurity incidents in recent history. In late 2021, SolarWinds, an IT infrastructure company serving tens of thousands of customers, including US government agencies, government entities, and public companies worldwide, revealed a Russian-related attack group had hacked it. The need for rapid disclosure of cybersecurity breaches was evident recently in a few massive cyber events. The new SEC rule encompasses third-party apps and notes how companies increasingly rely on outside cloud services for data management and storage. Many victims of breaches were quick to point out that a third-party application failed them.

“The regulator’s insight that accountability should be structured is evidenced by the vendor disclosure requirements defined in last year's executive order, aiming to set superior supply chain visibility for the US critical infrastructure.”

“Recent years have unfortunately shown that leaving the choice of publicly disclosing a cyber breach in the hands of each company was not serving the best interest of investors and other stakeholders,” he says. “The SEC disclosure requirement is a significant step towards leveraging cybersecurity and protecting the public interest,” says Kobi Freedman, the CEO of, a global supply chain compliance automation platform, already providing these new standards to top American enterprises. Amongst the details required, the company should reveal the dates of discovery, what happened, what data was compromised, and corrective measures taken.

The regulation makes each company and its board of directors responsible for disclosing material cyber breach details in a structured and defined form, limiting the flexibility and choice companies currently have.

The new rules put in place aim to ensure that companies disclose material cybersecurity information, ultimately benefiting investors, companies, and the overall market. The SEC's new cyber disclosure rules require companies to promptly disclose any material cybersecurity incidents within four days of discovery. Regulatory requirements aiming to mitigate those risks are evolving quickly, and enterprises need to adopt standards for cyber risk and supply chain management that are far beyond the current standard in the industry.
