The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents.
The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents.
In fact, if it’s something that affects the customers generally, I looks like disclosure might no longer be so important, since they seem to allow delaying the disclosure if it risks “public safety”.
So a company might keep a backdoor secret if it’s for the sake of national security / surveillance.