Survey: Public companies fear added cyber risks from SEC disclosures
By Adrianne Appel2024-05-14T12:00:00
Large public companies felt largely prepared to comply with the disclosure requirements of the Securities and Exchange Commission’s (SEC) new cybersecurity incident rule in the weeks before it took effect in December, though many felt only somewhat prepared.
Many companies also felt such disclosures and other reporting requirements of the rule could enhance the threat of them being targeted for future cyberattacks.
Of the large accelerated and accelerated filers to respond to a survey conducted by Compliance Week and law firm DLA Piper, all felt either very prepared (65 percent) or somewhat prepared (35 percent) to make a cybersecurity incident disclosure within four business days of determining materiality, as required under the rule. The survey was available online between November and December and received 130 total responses.
It wasn’t surprising that more than a third of the companies weren’t completely prepared ahead of the SEC’s disclosure filing requirements kicking in, said Andrew Serwin, partner at DLA Piper and U.S. chair and global co-chair of the firm’s data protection, privacy, and security practice.