The Source for Cyber Insurance News, Insights and Data
We’ve reported extensively on the SEC cyber disclosure rule that requires public companies to submit 8-K filings when they’re hit with cyber attacks. For some reason, the rule has attracted criticism from several media outlets in recent days. Earlier this week Bloomberg Law provided a critical review (under paywall) of how companies have responded to … Read more
Four companies have settled charges by the Securities and Exchange Commission (SEC) that they made “materially misleading disclosures” after being breached in 2020 by the SolarWinds’ Orion software hack (US public companies have been required to disclose material cyber events since last year, see this.) But two of five SEC commissioners dissented on the charges, … Read more
Progress Software Corporation (PRGS) is the provider of MOVEit Transfer software, a program responsible for what is widely considered the largest hack so far in 2023, impacting at least 2,000 enterprises and 60 million individuals, according to media reports. The Company has now issued a 10Q report (10/10/23) providing details on the attack and recoveries … Read more
Here are some of the new reports from law firms about the SEC Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules (see a useful observation from Woodruff Sawyer after the list): Among the useful observations are these from Woodruff Sawyer (there are more at this link): “The SEC asserts that the rule is not … Read more
The U.S. Securities and Exchange Commission (SEC) has issued its new cybersecurity rule, which aims to enhance transparency and accountability in managing cyber risks. The rule requires businesses to promptly report any material cyber breaches within four business days. Additionally, companies are obligated to disclose their processes for managing cybersecurity risks. The SEC asserts this … Read more