The early days of SEC cyber-incident disclosures haven’t revealed much—and that may be a problem.
Thirteen companies have filed 8-Ks disclosing “material” cybersecurity incidents since the Securities and Exchange Commission’s rules took effect in mid-December. But the filings have been largely cursory, which corporate attorneys say stems from the SEC’s not providing clarity on what counts as material.