The Securities and Exchange Commission (SEC) of the United States has approved a new regulation mandating that publicly traded companies report any cyber attacks within four days of the attack’s occurrence or detection. The aim is to prevent companies from withholding vital information from investors for extended periods. However, reporting breaches within a specific time frame of significant financial impact is not strictly enforced. Affected companies must provide comprehensive details regarding the nature, scope, and time of the attack within a 96-hour window. They are also given an additional 60 days to disclose further information about incident response measures, impacted networks and devices, overall financial losses incurred, and system vulnerabilities. OpenAI, Microsoft, and Google have jointly established the Frontier Model Forum to ensure the safe and responsible development of AI models. Several other countries have already established similar frameworks for reporting cyber incidents.
Key Points:
1. The SEC has approved a new regulation requiring publicly traded companies to report cyber attacks within four days of the attack’s occurrence or detection.
2. Affected companies must provide comprehensive details about the attack within a 96-hour window, including engaging security experts to investigate and identify responsible parties.
3. The SEC allows an additional 60 days for companies to disclose further information about incident response measures, impacted networks, financial losses, and system vulnerabilities.
4. OpenAI, Microsoft, and Google have established the Frontier Model Forum to ensure the safe and responsible development of AI models.
5. Several other countries, including Canada, the UK, South Africa, and Australia, have established similar frameworks for reporting cyber incidents.