Advertisement
Canada markets closed
  • S&P/TSX

    22,011.72
    +139.76 (+0.64%)
     
  • S&P 500

    5,070.55
    +59.95 (+1.20%)
     
  • DOW

    38,503.69
    +263.71 (+0.69%)
     
  • CAD/USD

    0.7321
    +0.0020 (+0.27%)
     
  • CRUDE OIL

    83.40
    +1.50 (+1.83%)
     
  • Bitcoin CAD

    90,598.66
    -288.34 (-0.32%)
     
  • CMC Crypto 200

    1,426.91
    +12.15 (+0.86%)
     
  • GOLD FUTURES

    2,335.70
    -10.70 (-0.46%)
     
  • RUSSELL 2000

    2,002.64
    +35.17 (+1.79%)
     
  • 10-Yr Bond

    4.5980
    -0.0250 (-0.54%)
     
  • NASDAQ futures

    17,656.50
    +306.50 (+1.77%)
     
  • VOLATILITY

    15.69
    -1.25 (-7.38%)
     
  • FTSE

    8,044.81
    +20.94 (+0.26%)
     
  • NIKKEI 225

    37,552.16
    +113.55 (+0.30%)
     
  • CAD/EUR

    0.6837
    -0.0013 (-0.19%)
     

New SEC cyber rules: Everything you need to know

Corporate America has a new set of cybersecurity rules to follow starting December 18, which could mean you’ll start learning more quickly and more frequently about cyber attacks.

The new standards from the Securities and Exchange Commission (SEC) require companies to disclose a breach within four days of determining the hack will have a material impact – meaning it’ll cost the company.

Cyber disclosures (00:00:25)
"You're going to get an increase of cyber disclosures and regulations, and you're going to see more and more of these happen over the course of next year," Diligent CEO Brian Stafford said. "You're going to be able to look and compare, why did the company disclose this when their competitor didn't disclose this? You're going to look at the extent of the disclosure, and you're going to find investors ... holding an even higher bar up to the level of oversight provided in cyber across many companies."

Implications for cyber industry (00:00:55)

ADVERTISEMENT

"We see in the background of all this, more coordination among attackers, increasing levels of attacks, and now new SEC reporting requirements that require very timely disclosures," Macquarie U.S. Head of Software Research Fred Havemeyer said. "We do think that this sets up constructive demand tailwinds for the entire cybersecurity industry."

Challenges of cyber regulations (00:01:25)
"The people behind these attacks, they've also jumped on this as well. So they're using that opportunistically, if they attack an organization, they're trying to hold them ransom," CrowdStrike (CRWD) President Michael Sentonas said. "So it's an interesting time, a lot of organizations are trying to work it out ... We can help you understand how to report and how to be more compliant to these new regulations. We do that for companies around the world."

Video Transcript

JULIE HYMAN: Corporate America has a new set of cybersecurity rules to follow starting December 18, and it could mean you'll start learning more quickly and more frequently about cyber attacks. The new standards from the Securities and Exchange Commission require companies to disclose a breach within four days of determining that hack will have a material impact, meaning it'll cost the company.

BRIAN STAFFORD: You're going to get an increase of cyber disclosures and regulations and you're going to see more and more of these happen over the course of the next year. You're going to be able to take a look at and compare, why did a company disclose this when their competitor didn't disclose this?

You're going to look at the extent of the disclosure and you're going to find investors, activist investors, regulators holding an even higher bar up to the level of oversight provided in cyber across many companies.

JULIE HYMAN: On the other hand, this could give a boost to cybersecurity businesses.

FRED HAVEMEYER: We see in the background of all of this, more coordination among attackers, increasing levels of attacks, and now new SEC reporting requirements that require very timely disclosures. So we do think that this sets up constructive demand tailwinds for the entire cybersecurity industry for those best of breed platforms, and companies also that can provide real time analytics and risk visibility.

JULIE HYMAN: While this may give investors and regulators more information, companies have argued it'll be a challenge to comply.

MICHAEL SENTONAS: Here's the thing, the adversaries, the attackers, the people behind these attacks, they've also jumped on this as well. So they're using that opportunistically. So if they attack an organization, they're trying to hold them to ransom and say, hey, if you work with us here we're actually going to report you to the SEC. And we're actually seeing examples where attackers are compromising organizations, they're doing the reporting for you.

So it's an interesting time a lot of organizations are trying to work out how can they find out fast enough? How can they report to the SEC? How can they get that information out to their shareholders? We can help you understand how to report and how to be more compliant to these new regulations. We do that for companies around the world.