Paul Hastings Data Privacy & Cybersecurity Practice Co-Chair Michelle Reed Discusses Firm’s SEC Cybersecurity Incident Disclosure Report With Bloomberg Law

Paul Hastings Data Privacy & Cybersecurity practice co-chair Michelle Reed discusses the SEC’s new cybersecurity regime, which requires victims of hacks to disclose their compromises within four days of discovery, in a Bloomberg Law exclusive article highlighting the firm’s inaugural SEC Cybersecurity Incident Disclosure Report.

According to the firm’s analysis of 75 breach disclosures from 48 public companies between Dec. 18, 2023, and Oct. 31, 2024, cyber incident disclosures increased by 60% since the SEC’s new reporting requirements went into effect in December 2023. Of those, 78% were made within eight days of discovery. Only 30 incidents were reported in the same period in 2023. The new rule is “forcing corporations to have unprecedented transparency on cyber practices, providing visibility that markets have not seen before,” noted Michelle, adding, however, that over-disclosure can lead to risks including “litigation and reputational harm.”

Click here to read the full article.