this post was submitted on 27 Jul 2023
257 points (99.2% liked)

Technology

U.S. rule requires public companies to disclose cybersecurity breaches in 4 days

The Securities and Exchange Commission adopted rules Wednesday to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety risks.

top 7 comments
[–] [email protected] 14 points 2 years ago

Technically, the clock doesn't start ticking on the four-day window for reporting until companies have determined a breach is material.

It's not all breaches. In fact, because this is the SEC, it's about financial impact, not privacy or security.

It's a good start, but I worry that a financial impact based approach creates the wrong incentive.

[–] [email protected] 3 points 2 years ago

Public companies, really? They only managed to gather political will to impose that with securities in mind?

[–] [email protected] 3 points 2 years ago (1 children)

4 days!? That's awfully fucking generous. I would have made the requirement at 24 hours because fuck corporations.

[–] [email protected] 35 points 2 years ago (1 children)

Eh I disagree. You have to give companies time to patch their shit. If they disclose hours or days before they have time to patch that can lead to another breach assuming the vulnerability is shared.

But yes fuck Corporations.

[–] ballzovsteel 15 points 2 years ago* (last edited 2 years ago) (1 children)

This, sometimes not showing all the goods is the best measure. Once it’s known it can become a lot more of a threat.

But yes fuck corporations

[–] BertramDitore 4 points 2 years ago

Fuck corporations.

[–] Veedem 0 points 2 years ago

4 days earth time?