SEC Disclosure Rule Covers Accidental Data Loss

Eoghan Casey | VP of Cybersecurity Strategy & Product Development, Own Company

Recognizing the increasing impact that cybersecurity incidents are having on businesses and investors, on July 26, 2023, the Securities and Exchange Commission (SEC) adopted new requirements for disclosure by publicly traded companies of “an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”

Most companies concentrate on cybersecurity incidents resulting from malicious activity and might think that accidental occurrences are not covered. However, the SEC final rule clearly states that a cybersecurity incident should be construed broadly, encompassing a range of event types, adding: 

“In general, we believe that an accidental occurrence is an unauthorized occurrence. Therefore, we note that an accidental occurrence may be a cybersecurity incident under our definition, even if there is no confirmed malicious activity. For example, if a company’s customer data are accidentally exposed, allowing unauthorized access to such data, the data breach would constitute a ‘cybersecurity incident’ that would necessitate a materiality analysis to determine whether disclosure under Item 1.05 of Form 8-K is required.”

The SEC press release specifically refers to incidents causing data loss: 

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler.

Given that the most common causes of data loss are human mistakes and integration errors, it makes sense that the SEC includes incidents caused by unintentional and non-malicious activity.

Preparations and Processes

The new SEC requirements include Regulation S-K Item 106, which will require registrants to describe their processes for dealing with cybersecurity incidents. Organizations that prepare for cybersecurity incidents are better positioned to detect, investigate, and neutralize problems more quickly. Dealing with these incidents promptly and effectively reduces downtime and cost and can prevent issues from escalating.

More than 6,000 companies use Own Recover to back up their mission-critical SaaS data, and to recover from data loss incidents in a timely, precise, and reliable manner. In addition, Data Recovery Readiness and Response (DR3) for SaaS helps customers prepare for incidents involving data loss, and establish processes and documentation to support proof of compliance. Such preparation puts companies in a stronger position to describe the nature, scope, and timing of the incident and the material impact in a Form 8-K when reporting an incident to the SEC.

These requirements will go into effect at the end of 2023.

To learn more about how Own helps companies with regulatory compliance, check our website.
