Jina Choi spoke with Fortune about the rise of ransomware and how companies are publicly disclosing when they’ve been targeted or paid a ransom.
U.S. Securities and Exchange Commission (SEC) regulators are considering requiring such disclosure under the SEC’s rules related to environmental, social, and governance (ESG) matters. For the regulator, cybersecurity largely falls under the category of “social,” said Jina Choi, a former director of the SEC’s San Francisco office.
“Under the federal securities laws, for public companies, the legal standard regarding disclosure to its shareholders is materiality – and the SEC has set forth guidance regarding the costs, including reputational damage, that a company can incur if it is breached,” Jina said.