In a Wall Street Journal article deliberating the challenges of the new SEC cyber disclosure rules, data, privacy & cybersecurity co-chair Ed McNicholas explains how data breach information can change over the course of a cyber attack investigation.
“You have to dig layer by layer to understand what [the hackers] did over time,” said Ed McNicholas, co-leader of the data, privacy and cybersecurity practice at law firm Ropes & Gray. “The SEC doesn’t appreciate the fog of war that takes place when you have threat actors that are sophisticated and working intensely to remain undetected and stealthy,” he said.
Companies might quickly disclose information they believe to be correct, but later face allegations of misleading investors if it turns out to be wrong, Ed said.
New SEC cyber disclosure rules, scheduled to go live this month, require publicly traded companies to report cyberattacks through regulatory filings, no later than four business days after they determine the attack will
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.