The proposed U.S. Securities and Exchange Commission’s stronger rules for reporting cyberattacks will have ramifications beyond increased disclosure of attacks to the public. By requiring not just quick reporting of incidents, but also disclosure of cyber policies and risk management, such regulation will ultimately bring more accountability for cybersecurity to the highest levels of corporate leadership.
