Study finds \u2018significant uptick\u2019 in cybersecurity disclosures to SEC | CyberScoop<\/title> <meta name=\"description\" content=\"A study from Paul Hastings LLP new SEC cybersecurity disclosure rules have led to a 60% increase in reported incidents.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/sec-cybersecurity-disclosure-uptick-paul-hastings\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Study finds \u2018significant uptick\u2019 in cybersecurity disclosures to SEC\"> <meta property=\"og:description\" content=\"A study from Paul Hastings LLP new SEC cybersecurity disclosure rules have led to a 60% increase in reported incidents.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/sec-cybersecurity-disclosure-uptick-paul-hastings\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-12-19T23:05:25+00:00\"> <meta property=\"article:modified_time\" content=\"2024-12-19T23:05:28+00:00\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:title\" content=\"Study finds \u2018significant uptick\u2019 in cybersecurity disclosures to SEC\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg\"> <meta name=\"twitter:creator\" content=\"@gregotto\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1730999764g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1732010462g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82965\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82965\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsec-cybersecurity-disclosure-uptick-paul-hastings%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsec-cybersecurity-disclosure-uptick-paul-hastings%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82965 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/sec-cybersecurity-disclosure-uptick-paul-hastings\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.907103825137\">\n<div class=\"single-article__header-content\" readability=\"29.654377880184\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/sec-cybersecurity-disclosure-uptick-paul-hastings\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> However, less than 10% of the disclosures addressed the material impacts of the security incidents. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"419\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec.jpg?resize=640%2C419&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg 4783w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=300,196 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=768,502 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=1024,669 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=1536,1004 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=2048,1339 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=600,392 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=257,168 257w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=515,337 515w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=1032,675 1032w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-2.jpg?resize=1289,843 1289w\" sizes=\"(max-width: 1032px) 100vw, 1032px\"><figcaption> The headquarters of the Securities and Exchange Commission is seen in Washington, D.C., on Jan. 28, 2021. (Photo by Saul Loeb \/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"33.158283640135\"><body readability=\"67.832666871732\"><\/p>\n<p>The introduction of new cybersecurity disclosure rules by the U.S. Securities and Exchange Commission has led to a significant uptick in the number of reported cybersecurity incidents from public companies, according to a leading U.S. law firm that specializes in finance and M&A activity.<\/p>\n<p>Analysis by Paul Hastings LLP found that since the disclosure law went into effect in 2023, there has been a 60% increase in disclosures of cybersecurity incidents, and 78% of disclosures were made within eight days of discovery of the incident<strong>.<\/strong><\/p>\n<p>The regulations require public companies to disclose material cybersecurity incidents within four business days of determining their materiality, aiming to provide investors with timely and relevant information that could impact investment decisions.<\/p>\n<p>Despite the increase in disclosures, less than 10% of disclosures detailed the material impacts of these incidents, revealing potential hesitancy or difficulty in assessing comprehensive impacts swiftly. Companies are often faced with the challenge of balancing detailed reporting with the protection of sensitive operation details, as the rules do not mandate disclosing specific technical details that could hinder remediation efforts.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Michelle Reed, co-chair of Paul Hastings\u2019 data privacy and cybersecurity practice, said the hesitancy is likely because companies are disclosing very quickly, so as to not be penalized by the SEC for delayed disclosure.<\/p>\n<p>\u201cThe coming year will be an interesting testing ground on how materiality in the cyber world ultimately shakes out,\u201d Reed told CyberScoop. <\/p>\n<p>The materiality clause has <a href=\"https:\/\/cyberscoop.com\/cdk-ransomware-attack-sec-disclosure-material-impact\/\">led to inconsistent outcomes<\/a> among companies that have publicly disclosed a cybersecurity incident. For instance, the ransomware attack on automotive software provider CDK Global in June resulted in varying degrees of materiality disclosures. CDK\u2019s parent company, Brookfield Business Partners, said in their July disclosure they did not \u201cexpect this incident to have a material impact\u201d on their business despite paying <a href=\"https:\/\/cyberscoop.com\/cdk-ransom-blacksuit-25-million\/\">a $25 million ransom<\/a>. <\/p>\n<p>Some other car dealerships also filed disclosures saying the attack on CDK negatively impacted their company, but stopped short of saying the incident caused a \u201cmaterial impact.\u201d <\/p>\n<p>Reed told CyberScoop these cases illuminate the ambiguity companies face in determining the depth of information necessary for reporting, while avoiding the disclosure of sensitive security measures that could exacerbate vulnerabilities and lead to lawsuits.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cMateriality is a sliding scale, weighing risk and likelihood of impact,\u201d she said. \u201cThe exact same breach could happen to two different companies, and based on size of the company and effectiveness of their incident response, one may have to disclose and the other may not.\u201d <\/p>\n<p>An additional concern covered in the report is the prevalence of third-party breaches, which account for 1 in 4 incidents. The report points out this kind of cybersecurity incident leads to further dilemmas for companies on whether to disclose third-party breaches, particularly when other companies may have disclosed an incident related to the same breach. <\/p>\n<p>You can read the full report on Paul Hastings\u2019 <a href=\"https:\/\/www.paulhastings.com\/insights\/ph-privacy\/sec-cybersecurity-incident-disclosure-report\">website<\/a>. <\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7933884297521\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/sec-cybersecurity-disclosure-uptick-paul-hastings\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Study finds \u2018significant uptick\u2019 in cybersecurity disclosures to SEC |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2322,78,679,117,962,3386,46,1324],"tags":[2325,86,680,119,963,3387,54,1326],"class_list":["post-6702","post","type-post","status-publish","format-standard","hentry","category-cdk-global","category-cybersecurity","category-financial","category-government","category-incident-reporting","category-paul-hastings-llp","category-ransomware","category-securities-and-exchange-commission-sec","tag-cdk-global","tag-cybersecurity","tag-financial","tag-government","tag-incident-reporting","tag-paul-hastings-llp","tag-ransomware","tag-securities-and-exchange-commission-sec"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cdk-global\/\" rel=\"category tag\">CDK Global<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/financial\/\" rel=\"category tag\">Financial<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/incident-reporting\/\" rel=\"category tag\">incident reporting<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/paul-hastings-llp\/\" rel=\"category tag\">Paul Hastings LLP<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/securities-and-exchange-commission-sec\/\" rel=\"category tag\">Securities and Exchange Commission (SEC)<\/a>","tag_info":"Securities and Exchange Commission (SEC)","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6702"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6702\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6702,"date":"2024-12-19T17:05:25","date_gmt":"2024-12-19T23:05:25","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82965"},"modified":"2024-12-19T17:05:25","modified_gmt":"2024-12-19T23:05:25","slug":"study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/19\/study-finds-significant-uptick-in-cybersecurity-disclosures-to-sec\/","title":{"rendered":"Study finds \u2018significant uptick\u2019 in cybersecurity disclosures to SEC"},"content":{"rendered":"