Financial services companies are on high alert for potential data breaches and need to know which actions to take once a breach is detected.
“Publicizing details of a cyber-breach involves a review of federal and state statutes,” said Kim Peretti, partner in Alston & Bird’s White Collar Crime Group and co-chair of its Security Incident Management Response Team.
“When security issues are triggered and the cyber-breach is considered a material event, the firm must issue a public filing to the Securities and Exchange Commission and thereby inform investors,” she said.
Peretti noted that five years ago, when she spoke to boards of directors, it was from the perspective of, “it’s not just an IT issue, so make sure you’re informed.” Times have changed, and now she advises boards to be more proactive.
“There should be regular reporting from management to the appropriate board committee at least a couple times a year or more frequently, as the risks involved in cybersecurity shift quickly,” she said.