New SEC rules trigger 60% increase in cybersecurity incident reporting

SEC

Following the US SEC implementation of stringent cybersecurity disclosure regulations in 2023, there has been a marked increase in the reporting of cybersecurity incidents by publicly listed companies.

According to Cyberscoop, a report from the prestigious law firm Paul Hastings LLP, which holds a significant standing in finance and M&A legal practices, reveals a 60% rise in such disclosures.

Michelle Reed, the co-chair of the firm’s data privacy and cybersecurity practice, pointed out that this surge is mainly due to companies aiming to avoid penalties by disclosing incidents promptly. According to the firm’s findings, an impressive 78% of these disclosures were reported within just eight days of the incident’s discovery.

This rapid response to reporting is pivotal under the new rules, which mandate that public companies disclose significant cybersecurity incidents within four business days after determining their materiality.

The regulation aims to equip investors with critical, timely information that could influence their investment decisions. However, the study also highlighted a significant gap in the quality of these disclosures; fewer than 10% provided detailed insights into the material impacts of the cybersecurity incidents.

This suggests a possible reluctance or challenge among companies to fully assess and disclose the comprehensive effects of these incidents swiftly.

The balancing act between providing detailed reports and protecting sensitive operational details remains a tricky pathway for corporations, especially since the rules do not require the disclosure of specific technical information that could compromise remediation efforts.

Keep up with all the latest FinTech news here

Copyright © 2025 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research

Investors

The following investor(s) were tagged in this article.