When to Report a Cyberattack? For Companies, That’s Still a Dilemma

This tension between the need for discreet cooperation with law enforcement and the obligation to inform investors and the markets creates a dilemma for public companies. … Since 2011, when the S.E.C. issued its initial cyber guidance, only 106 companies have reported incidents to the S.E.C..

IACP Conference