Cybersecurity incident reports among public companies have increased by 60% since the Securities and Exchange Commission adopted new cyber disclosure rules last year, with over three-quarters of disclosures submitted within eight days of incident discovery, CyberScoop reports.
However, growing hesitancy and challenges in conducting immediate intrusion assessments necessary to avoid penalties from the SEC have led to materiality being detailed in only a tenth of incident disclosures this year, according to a report from M&A and finance-focused law firm Paul Hastings LLP, which also showed the increasing prevalence of third-party breaches. "Materiality is a sliding scale, weighing risk and likelihood of impact. The exact same breach could happen to two different companies, and based on size of the company and effectiveness of their incident response, one may have to disclose and the other may not," said Paul Hastings Data Privacy and Cybersecurity Practice co-Chair Michelle Reed.
