The US Securities and Exchange Commission is requiring public companies, including public crypto companies, to disclose cybersecurity incidents.
The new rule, adopted on Wednesday, aims to ensure that investors receive potentially “material” information when a company has been attacked.
“Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information,” SEC Chair Gary Gensler said.
Companies such as Coinbase, Marathon Holdings, Bitdeer and MicroStrategy will be impacted by the new SEC rules.
“There has been a substantial rise in the prevalence of cybersecurity incidents, propelled by several factors: the increase in remote work spurred by the COVID-19 pandemic; the increasing reliance on third-party service providers for information technology services; and the rapid monetization of cyberattacks facilitated by ransomware, black markets for stolen data, and crypto-asset technology,” the SEC noted.
The SEC added that “evidence suggests” that companies are “underreporting cybersecurity risks.”
The new rule change will make it necessary for companies to give clear and specific information about any incidents that occur. This information will include details about when the incident happened, how it affected the company and its users, whether any data was stolen or accessed, and updates on whether the company has remediated the situation. All of this will be included in a new item, dubbed 1.05, included on 8K forms.
Public companies will also have to “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents” on Regulation S-K.
8K forms give investors updates on big changes at listed companies.
The change comes as the SEC’s chief accountant warned that accounting firms working as auditors for the crypto industry need to be mindful of anti-fraud laws.
SEC Commissioner Hester Peirce, who has shown support for crypto in the past, tweeted that “crypto platforms [and] their accountants should be clear about what proof of reserves is and isn’t,” but she warned against discouraging “good-faith efforts to provide more transparency.”
Get the day’s top crypto news and insights delivered to your email every evening. Subscribe to Blockworks’ free newsletter now.
Want alpha sent directly to your inbox? Get degen trade ideas, governance updates, token performance, can’t-miss tweets and more from Blockworks Research’s Daily Debrief.
Can’t wait? Get our news the fastest way possible. Join us on Telegram and follow us on Google News.
Source: https://blockworks.co/news/sec-cybersecurity-rules