Some public companies are still trying to figure out how to comply with new rules from the <-bsp-bb-link state="{"bbHref":"bbg://securities/13165Z%20US%20Equity","_id":"0000018c-7db2-db9e-abee-fdbe01910000","_type":"0000016b-944a-dc2b-ab6b-d57ba1cc0000"}">US Securities and Exchange Commission-bsp-bb-link> requiring speedy disclosure of significant cyberattacks.
Those rules, which kicked in Monday, require companies to report cyber incidents within four business days of determining they are “material” to shareholders. The SEC previously required firms to disclose major events that would be of shareholder interest, but didn’t specify cyber events.
Making that determination isn’t so easy, said <-bsp-person state="{"_id":"0000018c-7db2-db9e-abee-fdbe01930000","_type":"00000160-6f41-dae1-adf0-6ff519590003"}">Erez Liebermann-bsp-person>, partner at <-bsp-bb-link state="{"bbHref":"bbg://securities/1169L%20US%20Equity","_id":"0000018c-7db2-db9e-abee-fdbe01930001","_type":"0000016b-944a-dc2b-ab6b-d57ba1cc0000"}">Debevoise & Plimpton-bsp-bb-link> law firm.
In the past three months, Liebermann has advised more than 50 publicly ...
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.