- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2023-10-05T19:58:00
The timing of a recent cyberattack against Clorox juxtaposed against the Securities and Exchange Commission’s (SEC) adoption of its cybersecurity incident disclosure rule soon to take effect has presented a case study regarding how companies might seek to meet the requirements of the rule.
The SEC’s rule, finalized in July, will require public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days. Large companies could be required to begin making the new disclosures as soon as December.
The case of Clorox’s cyberattack has been chronicled by media outlets, including the Wall Street Journal, as an example of what those types of disclosures might look like.
Clorox disclosed in an Aug. 14 regulatory filing it had been disrupted by a significant cybersecurity incident. A follow-up disclosure more than a month later revealed it shut down automated order processing and was handling orders manually, which impacted operations.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
Equiniti Trust Company has agreed to pay $850,000 to the Securities and Exchange Commission to settle allegations that its failed security measures allowed millions in client funds to be stolen in two cyber incidents.
Cleaning products company Clorox disclosed the major cybersecurity incident that led to a shutdown of its automated order processing late last year has cost it about $49 million.
Businesses seeking additional time before disclosing to the Securities and Exchange Commission the occurrence of a material cybersecurity incident must be prepared to provide detailed information on the matter to the Federal Bureau of Investigation.
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
The global average cost of a data breach jumped to an all-time high for the second year in a row, but companies can reel in the ballooning drag on profits by adopting artificial intelligence, according to an IBM report.
The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.
