SEC Wants Public Companies to Report Breaches Within Four Days

The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they are determined to be material incidents (ones that shareholders would likely consider important).

“In some cases, the date of the registrant’s materiality determination may coincide with the date of discovery of an incident, but in other cases the materiality determination will come after the discovery date,” the Wall Street watchdog explained.

According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K.

The amended rules would also instruct companies to provide updates regarding previously reported security breaches.

The SEC wants public companies to share regular disclosures regarding their management’s role in implementing cybersecurity procedures and policies, as well as on their board of directors’ cybersecurity expertise and oversight of cybersecurity risk.

“We believe that the proposed requirement to file an Item 1.05 Form 8-K within four business days after the registrant determines that it has experienced a material cybersecurity incident would significantly improve the timeliness of cybersecurity incident disclosures, as well as provide investors with more standardized and comparable disclosures,” the regulator said [PDF].

Timely disclosure to keep investors informed

These proposed amendments are designed to provide investors with timely notifications of security breaches affecting listed companies and better inform them regarding their cybersecurity risk management and strategy.

If the rules are revised as the SEC wants, the new regulations [PDF] would require disclosing the following information about breaches (if the information is available when the 8-K forms are filed):

  • When the incident was discovered and whether it is ongoing;
  • A brief description of the nature and scope of the incident;
  • Whether any data was stolen, altered, accessed, or used for any other unauthorized purpose;
  • The effect of the incident on the registrant’s operations;
  • Whether the registrant has remediated or is currently remediating the incident.

However, companies affected by a breach are not expected to reveal technical information regarding their planned incident response or details on potential vulnerabilities that could impact their response or remediation of the incident.

“Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs. A lot of issuers already provide cybersecurity disclosure to investors,” SEC Chair Gary Gensler added.

“I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.

“I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting.”

Update: Made it clearer when the four-day countdown starts.
