Think Tank Says SEC Cyber Reporting Rules Would Benefit Investors, Cyber Ecosystem

A new report from the Atlantic Council’s Cyber Statecraft Initiative said the Securities and Exchange Commission’s proposed rules requiring publicly traded companies to report cyber incidents within four days would benefit investors and the cybersecurity ecosystem.

According to the report, the rules would enable investors to make informed decisions and allow the creation of publicly accessible and standardized data about cyber incidents.

The SEC previously aimed to finalize the rule in April but the plan was moved to October due to criticisms from business and industry leaders and cybersecurity firms, The Record reported.

According to industry players, the proposal would have similarities with the cyber reporting requirements to be implemented under the 2022 Cyber Incident Reporting for Critical Infrastructure Act, which President Joe Biden signed into law in March 2022.

In a letter to the SEC, industry associations said the agency’s rules would create confusion, providing hackers the opportunity to escalate their attacks. The letter also noted that forcing companies to report would prevent mitigating vulnerabilities immediately and making such reports public would provide hackers with data to further victimize companies and disrupt cyberattack investigations and responses.