Stock photo: Cybersecurity professional. Credit: Gorodenkoff/Adobe Stock

The U.S. Securities and Exchange Commission (SEC) on Wednesday finally adopted stringent new cybersecurity disclosure rules for public companies, 16 months after the agency proposed them.

That lag gave companies an abundance of lead time to prepare for the requirement that has the cybersecurity community most worried: a mandate that companies publicly disclose a breach within four days after determining that it was material.

Still, experts say, companies are a long way from being ready.

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
  • Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Hugo Guzman

Hugo Guzman is a reporter on ALM's in-house desk based in California, covering legal departments at disruptive technology companies, as well as labor and employment issues involving the NLRB, EEOC and other regulators. Connect with him at [email protected] today.