|
Cyber Insights Today July 30, 2024
Hosted by Richard Freiberg
Privacy and Security
https://www.buzzsprout.com/1913940/episodes/15231125
I am Richard Freiberg. Today we will be addressing what’s material to the SEC, 7 months into cyber disclosure rules in part 2 of a 2 part series.
We recommend businesses disclose early and update often. While not explicitly required by the rules, several companies have disclosed incidents to the SEC soon after they were discovered. The filings were later updated through amended 8-K disclosures or through additional disclosures in quarterly or annual reports.
Days after discovering a cyberattack in mid-November, Fidelity National Financial disclosed the incident in an 8K with the SEC. They confirmed that an unauthorized actor gained access to some of the company’s systems and stole certain credentials.
The company contained the incident in late November, and updated investors in an amended 8K filing.
After completing its investigation in mid-December, Fidelity National Financial disclosed additional details in an amended January filing revealing 1.3 million customers were potentially impacted by the attack. The company then said it did not expect the attack to have a material impact on earnings.
In another high-profile attack, MGM Resorts disclosed in October that a cyberattack against the company during September would have a $100 million impact on its properties.
The company provided regular updates in quarterly reports and disclosed they were facing investigations from both federal and state regulators in a 10-K annual report filed with the SEC.
In prior years, companies would often completely conceal a ransomware attack, due to concerns about corporate reputation and fears of investor and customer liability.
In many ways, companies have changed their stance on ransomware disclosure, in part due to concerns about reputational harm not from the attack, but the response.
They’re less worried about being the victim of a ransomware attack YET they’re worried about the reputational impact of how they handle it.
SEC Chair Gary Gensler said publicly that materiality in connection with cybersecurity incidents is not a new concept.
“Whether a company loses a factory in a fire or millions of files in a cybersecurity incident it may be material to investors,” Gensler said in a July statement after the SEC approved the incident reporting rule.
Follow Cyber Insights Today on Apple Podcasts or Spotify.
That’s it for Cyber Insights Today.
DON’T BECOME ANOTHER STATISTIC!
Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com
LinkedIn
to subscribe to Cyber Insights Today
to subscribe to LinkedIn Newsletter Cyber Security
Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
|
3 thoughts on “Cyber Insights Today July 30, 2024”
Cybersecurity concerns are vital today.
Cybersecurity impacts all industries. Important to stay proactive!
Cybersecurity is really important! Companies need to share info quickly after attacks. It’s interesting how views on disclosing incidents changed. Trust is key in business!