SEC rule confusion continues to put CISOs in a bind a year after a major revision | CSO Online

Companies are still struggling to understand and comply with the US Securities and Exchange Commission’s (SEC) cybersecurity breach reporting rules, a year after their implementation. The SEC’s enforcement actions against companies that fail to disclose material breaches have increased, but the lack of clear guidance on what constitutes materiality has led to confusion and fear among CISOs and other executives. To mitigate risks, companies should prioritize transparency, prepare for potential disclosures, and understand their supply chain impact.