"It's pretty clear that's not what the industry has done," BreachRx CEO Andy Lunsford said, highlighting the gap between SEC expectations and actual filing practices.
BreachRx analyzed 71 public 8-K filings and found that only 16.9% provided details on the material impact of cyber incidents, demonstrating a lack of transparency.
"The SEC was very clear... they wanted more transparency, more details; they didn't want boilerplate language," Lunsford noted, pointing to the failures in disclosures.
Despite new SEC rules requiring quick disclosure of material cyber incidents, many companies are still using vague language, with 52% providing non-specific boilerplate responses.
Collection
[
|
...
]