Your response to a data incident will affect your stock price
Clorox's data breach, in light of the new SEC cybersecurity rules, highlights the need to have a multidisciplinary team of experienced, prepared, and informed cybersecurity professionals. That team must include technical, legal, and business members to determine how to resolve the problem technically while preserving value and trust in the company. A data incident is usually stressful and evolving. Companies need to have a plan now to understand what types of incidents may be material to their investors under the new cybersecurity rules. With a requirement to report "material" incidents within 4 days, and incidents typically mutating over time, a series of 8-k filings like we see with Clorox, is likely to be the new norm. If a data incident hit your company today, do you have a team in place, and a plan on how to handle both the incident response, AND multiple SEC filings?