- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2024-05-14T12:00:00
Large public companies felt largely prepared to comply with the disclosure requirements of the Securities and Exchange Commission’s (SEC) new cybersecurity incident rule in the weeks before it took effect in December, though many felt only somewhat prepared.
Many companies also felt such disclosures and other reporting requirements of the rule could enhance the threat of them being targeted for future cyberattacks.
Of the large accelerated and accelerated filers to respond to a survey conducted by Compliance Week and law firm DLA Piper, all felt either very prepared (65 percent) or somewhat prepared (35 percent) to make a cybersecurity incident disclosure within four business days of determining materiality, as required under the rule. The survey was available online between November and December and received 130 total responses.
It wasn’t surprising that more than a third of the companies weren’t completely prepared ahead of the SEC’s disclosure filing requirements kicking in, said Andrew Serwin, partner at DLA Piper and U.S. chair and global co-chair of the firm’s data protection, privacy, and security practice.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Erik Gerding, director of the Securities and Exchange Commission’s Division of Corporation Finance, issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.
Apparel company VF Corp., the owner of brands including The North Face, Vans, and Timberland, disclosed its estimation approximately 35.5 million customers had their personal data stolen as part of a cybersecurity incident it uncovered in December.
Companies won’t have an easy path toward earning additional time from the Department of Justice regarding the disclosure of a material cybersecurity incident to the Securities and Exchange Commission as required under a new rule.
A recent survey by surveillance technology firm SteelEye found most financial institutions do not monitor their employees’ use of social media or factor in market risks exacerbated by social media posts.
Few compliance teams describe their access to company data as “robust,” according to a new survey conducted by Compliance Week and NAVEX, while apprehension toward the adoption of artificial intelligence remains a hurdle for the profession to clear.
A new report on corporate whistleblowing and hotline trends in 2023 found reporting volume at an all-time high, with key disparities uncovered between reports filed by third parties and those filed by employees.
