- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2023-10-05T19:58:00
The timing of a recent cyberattack against Clorox juxtaposed against the Securities and Exchange Commission’s (SEC) adoption of its cybersecurity incident disclosure rule soon to take effect has presented a case study regarding how companies might seek to meet the requirements of the rule.
The SEC’s rule, finalized in July, will require public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days. Large companies could be required to begin making the new disclosures as soon as December.
The case of Clorox’s cyberattack has been chronicled by media outlets, including the Wall Street Journal, as an example of what those types of disclosures might look like.
Clorox disclosed in an Aug. 14 regulatory filing it had been disrupted by a significant cybersecurity incident. A follow-up disclosure more than a month later revealed it shut down automated order processing and was handling orders manually, which impacted operations.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Register for free
Access one free, non-premium article each month.
Complimentary CPE webcasts, resources, and e-Books.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Cleaning products company Clorox disclosed the major cybersecurity incident that led to a shutdown of its automated order processing late last year has cost it about $49 million.
Businesses seeking additional time before disclosing to the Securities and Exchange Commission the occurrence of a material cybersecurity incident must be prepared to provide detailed information on the matter to the Federal Bureau of Investigation.
MGM Resorts International said it expects to take a $100 million hit as part of the fallout of a cyberattack that has most significantly impacted its Las Vegas operations.
The massive cyberattack on Change Healthcare has potentially compromised the personal and protected health information of an untold number of Americans, according to parent company UnitedHealth Group.
AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.
When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.
