The article discusses Clorox's response to a recent cyberattack and how it relates to the Securities and Exchange Commission's (SEC) cybersecurity incident disclosure rule. Here are some key points from the article:
SEC Cybersecurity Incident Disclosure Rule: The SEC finalized a cybersecurity incident disclosure rule in July, which requires public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents considered material within four business days. Large companies may have to start complying with this rule as early as December.
Clorox's Cyberattack Disclosure: Clorox disclosed a significant cybersecurity incident in an August regulatory filing. It later revealed that it had shut down automated order processing and was processing orders manually due to the attack. The company believes that the incident has been contained.
Compliance with the SEC Rule: The article suggests that Clorox's rapid disclosure of the cyberattack is an example of a company trying to comply with the SEC's rule and act in the spirit of the regulation.
Importance of Cybersecurity Preparedness: The article emphasizes the importance of having comprehensive information security policies and incident response plans in place. Companies should assume that they will be targeted in cyberattacks and should be prepared to respond swiftly.
Collaboration among Stakeholders: It is crucial for companies to involve various stakeholders, including IT personnel, compliance, legal teams, and the C-suite, in the incident response plan. Roles and responsibilities should be clearly defined, and there should be contingencies for business continuity in case of severe disruptions.
Testing and Evaluation: Companies should regularly test their incident response plans, simulate different scenarios, and identify potential choke points in their operations. This helps ensure a more effective response in the event of a cyber incident.
Lessons from Clorox: The article suggests that Clorox's experience can serve as a lesson for other companies subject to the SEC's rule, highlighting the need for proactive cybersecurity measures and well-defined incident response plans.
Additionally, the article briefly mentions a $100,000 settlement by Santander U.S. Capital Markets, but it does not provide details about the settlement.
By fLEXI tEAM