Backup and Recovery
Compliance
Financial Services
Cybersecurity

SEC Disclosure Rule Covers Accidental Data Loss

Eoghan Casey
|
Field CTO | Field Technology Strategist, Own Company
No items found.

Recognizing the increasing impact that cybersecurity incidents are having on businesses and investors, on July 26 2023, the Securities and Exchange Commission (SEC) adopted new requirements for disclosure by publicly-traded companies of “an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.

Most companies concentrate on cybersecurity incidents resulting from malicious activity and might think that accidental occurrences are not covered. However, the SEC final rule clearly states that a cybersecurity incident should be construed broadly, encompassing a range of event types, adding: 

In general, we believe that an accidental occurrence is an unauthorized occurrence. Therefore, we note that an accidental occurrence may be a cybersecurity incident under our definition, even if there is no confirmed malicious activity. For example, if a company’s customer data are accidentally exposed, allowing unauthorized access to such data, the data breach would constitute a ‘cybersecurity incident’ that would necessitate a materiality analysis to determine whether disclosure under Item 1.05 of Form 8-K is required.” 

The SEC press release specifically refers to incidents causing data loss: 

Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler.

Given that the most common causes of data loss are human mistakes and integration errors, it makes sense that the SEC includes incidents caused by unintentional and non-malicious activity.

Preparations and Processes

The new SEC requirements include Regulation S-K Item 106, which will require registrants to describe their processes for dealing with cybersecurity incidents. Organizations that prepare for cybersecurity incidents are better positioned to detect, investigate, and neutralize problems more quickly. Dealing with these incidents promptly and effectively reduces downtime and cost and can prevent issues from escalating.

More than 7,000 companies use Own Recover to back up their mission-critical SaaS data, and to recover from data loss incidents in a timely, precise, and reliable manner. In addition, Data Recovery Readiness and Response (DR3) for SaaS helps customers prepare for incidents involving data loss, and establish processes and documentation to support proof of compliance. Such preparation puts companies in a stronger position to describe the nature, scope, and timing of the incident and the material impact in a Form 8-K when reporting an incident to the SEC.

These requirements will go into effect at the end of 2023.

To learn more about how Own helps companies with regulatory compliance, check our website.

Get started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book a demo
Get started

Submit your details and we will contact you shortly to schedule a custom 25-minute demo.

Book a demo
Own Logo
Eoghan Casey
Field CTO | Field Technology Strategist, Own Company

Eoghan Casey is Vice President of Cybersecurity Strategy & Product Development at Own, creating innovative solutions for SaaS data protection and security analytics. He has 25+ years of technical leadership experience in private and public sector organizations, and is an internationally recognized expert in cyber risk mitigation and digital forensic investigation. He is on the Board of DFRWS.org and has a PhD in Computer Science from University College Dublin.

You may also like

No items found.
No items found.
No items found.
Backup and Recovery
Backup and Recovery
Backup and Recovery
Compliance
Financial Services
Cybersecurity

Get started

Share your details and we’ll contact you shortly to schedule a custom 25-minute demo.

Schedule a Demo