[Image source=Reuters Yonhap News]

[Image source=Reuters Yonhap News]

View original image


[Asia Economy Reporter Kim Hyunjung] The U.S. Securities and Exchange Commission (SEC) is considering a policy that requires companies to disclose and report related information within four days if a cybersecurity incident occurs.


On the 9th (local time), The Wall Street Journal (WSJ) reported that the SEC proposed mandatory reporting regulations related to cybersecurity for companies. The related proposal will be finalized after gathering opinions from institutions and others.


Gary Gensler, SEC Chairman, stated, "Unfortunately, cybersecurity incidents occur frequently, and if an attack succeeds, it affects a company's finances, operations, and reputation," adding, "Therefore, investors want more information about cybersecurity risks that affect investment decisions and returns."


Robert Jackson, a former Democratic SEC commissioner, analyzed regulatory documents from 2018 and found that about 90% of cybersecurity incidents occurring in publicly listed companies were not disclosed.


In addition to the reporting obligation within four days, the proposal requires companies to regularly report on their cybersecurity status. It also mandates summarizing the company's policies for identifying and managing cybersecurity risks in annual reports and specifying whether there is a cybersecurity expert among board members.


Hot Picks Today

As Samsung Falters, Chinese DRAM Surges: CXMT Returns to Profit in Just One Year As Samsung Falters, Chinese DRAM Surges: CXMT Returns to Profit in Just One Year

The SEC will collect opinions from institutions for at least 60 days before finalizing the regulations.


한글 기사 보기
This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

Today’s Briefing