Federal government officials said on Wednesday that they are taking great pains to make sure that a Securities and Exchange Commission cyber incident disclosure rule wouldn’t leave companies more vulnerable to attacks.
One of the main criticisms from industry groups is that the four-day disclosure window in the rule could have the opposite effect, giving hackers a road map to carry out more attacks.
But the rule isn’t designed to provide that level of specificity that might help attackers, an SEC official said at the Aspen Cyber Summit on Wednesday. Instead, it’s about “materiality” — a legal standard about whether something is likely to have significantly altered information used in deciding whether to invest.
Furthermore, the rule allows companies to go to the Justice Department and seek a delay on disclosure if the attorney general deems that such a disclosure would harm national security. Justice Department officials said at the summit Wednesday that they were also ramping up the policies and procedures to help companies work with them in such situations.
‘Enforcement 40’ for 2020
Join Us On LinkedIn
Join the Securities Litigation and Enforcement Group on LinkedIn