{"id":25988,"date":"2024-07-23T08:39:14","date_gmt":"2024-07-23T13:39:14","guid":{"rendered":"https:\/\/fleishmanhillard.com\/?p=25988"},"modified":"2024-07-23T21:33:34","modified_gmt":"2024-07-24T02:33:34","slug":"what-organizations-need-to-know-about-new-sec-data-breach-reporting-requirements","status":"publish","type":"post","link":"https:\/\/fleishmanhillard.com\/2024\/07\/what-organizations-need-to-know-about-new-sec-data-breach-reporting-requirements\/","title":{"rendered":"What Organizations Need to Know About New SEC Data Breach Reporting Requirements"},"content":{"rendered":"
\n
\n
\n

Newly introduced SEC reporting requirements now compel publicly traded companies to report \u201cmaterial\u201d cybersecurity incidents within four business days and outline related details on risk management and strategy in their 10K filings.<\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

These new requirements are just one of many indications that governments are taking more public action when it comes to protecting data. Companies are now beginning to understand that the evaluation of their preparation and response may have as much reputational impact as the data breach itself.<\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

Adding to the complexity is the quickly evolving regulatory environment in the U.S. that is likely to see further changes and court challenges in the wake of recent Supreme Court decisions.<\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

With this increased SEC scrutiny, companies now need to up their game and will have to consider:<\/em><\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

Beyond whether they have a response plan or not. Today, the quality of that response plan is even more critical.<\/strong><\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

This escalates the need to modernize the approach to response plans \u2013
from crisis planning to investor relations. As quickly as the threat landscape is evolving and organizations themselves change, clients will need to make sure their response plans have adapted as well.<\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

How (or if) their plan was rehearsed and reinforced through employee training.<\/strong><\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

Immersive and effective table-top training sessions and simulations help
practice established plans. To further increase effectiveness, it\u2019s important to
plan and execute creative and engaging employee training campaigns that
ladder to those plans and priorities as well.<\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

Public disclosure requirements in response to a data breach can represent just the beginning of the reputational risk companies face due to government regulations or actions following a data breach:<\/em><\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n

Disclosing a breach that\u2019s had a material impact on business can lead to
subsequent action by government entities \u2013 and already has in many cases.
Such actions include public investigations and legislative hearings, presenting far greater reputational risk than the initial disclosure.<\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n <\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n
\n
\n
\n

As governments face more pressure to act against cybercriminals and protect the data of their citizens, they are also taking additional \u2013 and more public \u2013 steps to hold companies that are compromised by data breaches accountable.<\/p>\n\n <\/div>\n <\/div>\n <\/div>\n\n

\n
\n
\n
\"\"<\/figure>\n\n <\/div>\n <\/div>\n <\/div>","protected":false},"excerpt":{"rendered":"

Newly introduced SEC reporting requirements now compel publicly traded companies to report \u201cmaterial\u201d cybersecurity incidents within four business days and outline related details on risk management and strategy in their 10K filings. These new requirements are just one of many indications that governments are taking more public action when it comes to protecting data. Companies […]<\/p>\n","protected":false},"author":4,"featured_media":25990,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":true,"footnotes":""},"categories":[23],"tags":[],"class_list":["post-25988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-expertise"],"acf":[],"_links":{"self":[{"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/posts\/25988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/comments?post=25988"}],"version-history":[{"count":0,"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/posts\/25988\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/media\/25990"}],"wp:attachment":[{"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/media?parent=25988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/categories?post=25988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fleishmanhillard.com\/wp-json\/wp\/v2\/tags?post=25988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}