The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents.

  • Ferk@kbin.social
    1 year ago

    In fact, if it’s something that affects the customers generally, it looks like disclosure might no longer be so important, since they seem to allow delaying the disclosure if it risks “public safety”.

    In some instances, the disclosure timeline may also be postponed if the U.S. Attorney General determines that an immediate disclosure would pose a significant risk to national security or public safety.

    So a company might keep a backdoor secret if it’s for the sake of national security / surveillance.