A Proposed SEC Rule Would Force Companies To Disclose Cyberattacks
It seems like a commonsense rule. Too often when such a breach occurs, the incentive or temptation can be to try to cover it up, at the expense of consumers. And openness can not only provide accountability for companies, it can also help prevent further attacks by making more information available to cyber experts.
We can think of some cases where disclosure would be unwise, like when you need to keep silent to catch an intruder red-handed or something, but surely the point of asking for the SEC to enforce such a rule instead of legislating on it is to have flexibility in cases like that.