New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC).

The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they being "micromanaged" and - it is argued - could even assist attackers.

Read more in my article on the Tripwire State of Security blog.

Graham Cluley

Source: GrahamCurley
Source Link: https://www.tripwire.com/state-of-security/sec-requires-reporting-cyberattacks-within-4-days-not-everyone-may-it