Government Regulations, Ransomware

Disparities in SEC breach disclosure rules evident in CDK Global attack

Share
The official SEC website

Numerous car dealerships across the U.S. reported having their operations impacted by the sweeping ransomware attack against automotive software provider CDK Global to the Securities and Exchange Commission but such an incident was not filed by CDK Global's parent firm Brookfield Business Partners due to the lack of "material impact," according to CyberScoop.

Such a dichotomy was noted by cybersecurity experts to indicate the need to better define materiality in the SEC's breach reporting rules. "Based on my understanding of the ransomware attack on CDK, yes, I believe a reasonable investor would want to know about it because of the nature of the attention it has gotten and the tail that will happen because of that attention. It creates a ton of uncertainty about the kind of scrutiny that's going to follow from this," said Exiger Senior Vice President of Critical Infrastructure Bob Kolasky, who was an assistant director at the Cybersecurity and Infrastructure Security Agency. On the other hand, Recorded Future threat intelligence analyst Allan Liska questioned the lack of materiality determined by Brookfield Business Partners considering the extent of the incident.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.