You have 4 free post views remaining. Please consider logging in.

Cyber Insights Today July 30, 2024






Cyber Insights Today July 30, 2024



View this email in your browser

Cyber Insights Today July 30, 2024

Hosted by Richard Freiberg

Privacy and Security

https://www.buzzsprout.com/1913940/episodes/15231125
 
I am Richard Freiberg. Today we will be addressing what’s material to the SEC, 7 months into cyber disclosure rules in part 2 of a 2 part series.

We recommend businesses disclose early and update often. While not explicitly required by the rules, several companies have disclosed incidents to the SEC soon after they were discovered. The filings were later updated through amended 8-K disclosures or through additional disclosures in quarterly or annual reports. 

Days after discovering a cyberattack in mid-November, Fidelity National Financial disclosed the incident in an 8K with the SEC. They confirmed that an unauthorized actor gained access to some of the company’s systems and stole certain credentials.

The company contained the incident in late November, and updated investors in an amended 8K filing.
After completing its investigation in mid-December, Fidelity National Financial disclosed additional details in an amended January filing revealing 1.3 million customers were potentially impacted by the attack. The company then said it did not expect the attack to have a material impact on earnings.
In another high-profile attack, MGM Resorts disclosed in October that a cyberattack against the company during September would have a $100 million impact on its properties. 

The company provided regular updates in quarterly reports and disclosed they were facing investigations from both federal and state regulators in a 10-K annual report filed with the SEC.
In prior years, companies would often completely conceal a ransomware attack, due to concerns about corporate reputation and fears of investor and customer liability. 

In many ways, companies have changed their stance on ransomware disclosure, in part due to concerns about reputational harm not from the attack, but the response.

They’re less worried about being the victim of a ransomware attack YET they’re worried about the reputational impact of how they handle it. 

SEC Chair Gary Gensler said publicly that materiality in connection with cybersecurity incidents is not a new concept. 

“Whether a company loses a factory in a fire or millions of files in a cybersecurity incident it may be material to investors,” Gensler said in a July statement after the SEC approved the incident reporting rule. 

Follow Cyber Insights Today on Apple Podcasts or Spotify.

That’s it for Cyber Insights Today.
 
DON’T BECOME ANOTHER STATISTIC! 

Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com
LinkedIn
to subscribe to Cyber Insights Today
to subscribe to LinkedIn Newsletter Cyber Security

Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
 
 

Twitter

Facebook

Website

Copyright © 2024 Richard Freiberg CPA PC, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp


cyberinsights
Author:

Comments from the Peanut Gallery

3 thoughts on “Cyber Insights Today July 30, 2024”

  1. Cybersecurity is really important! Companies need to share info quickly after attacks. It’s interesting how views on disclosing incidents changed. Trust is key in business!

Leave a Comment

Categories

Recent Articles

Scroll to Top

Our goal is to help people in the best way possible. this is a basic principle in every case and cause for success. contact us today for a free consultation. 

Practice Areas

Newsletter

Sign up to our newsletter