The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents.

    • roofuskit@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Concealing liabilities from investors it’s a pretty big deal. Keep in mind, the reason this targets publicly traded companies is that they want to protect investors, not the customers of the company.

      • Ferk@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        In fact, if it’s something that affects the customers generally, I looks like disclosure might no longer be so important, since they seem to allow delaying the disclosure if it risks “public safety”.

        In some instances, the disclosure timeline may also be postponed if the U.S. Attorney General determines that an immediate disclosure would pose a significant risk to national security or public safety.

        So a company might keep a backdoor secret if it’s for the sake of national security / surveillance.