Author Topic: Banks must publicly disclose data breaches under new SEC rule | American Banker  (Read 1331 times)


  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 16541
  • Debbie says...
    • View Profile
"The rule, which the SEC proposed in March 2022, will give investors and the public at large a more consistent, comparable, and decision-useful way to learn about breaches, according to SEC Chair Gary Gensler, who voted in favor of the final rule.

The key difference between the four-day rule and the many state and federal cybersecurity reporting rules banks already have to follow is that now, public breach disclosures will happen weeks faster than before, and in all jurisdictions.

Public companies do not have to disclose technical specifics of their incident response plans or the potential vulnerabilities involved in the incident by the four-day mark, according to the rule. Rather, they must provide a high-level overview of what took place."