Analysis: HPE Breach Highlights Impact of SEC Disclosure Rule on Companies

Analysis: HPE Breach Highlights Impact of SEC Disclosure Rule on Companies



Hewlett Packard Enterprise recently disclosed a hacking attack on its Office 365 email environment by a Russian-aligned threat actor, in accordance with new SEC rules on cyber incident disclosure. The company emphasized that the incident did not have a material impact on its operations or finances. Despite not being required for compliance, HPE voluntarily disclosed the incident to comply with the spirit of the new regulatory guidelines. The decision to disclose may have been influenced by a similar attack on Microsoft executives linked to the same threat actor. The incident, affecting a small percentage of staff email accounts, occurred in May 2023 and was reported in December. Microsoft also faced a similar incident and is uncertain of its financial impact.

This development highlights a move towards greater transparency in cybersecurity incidents, although concerns exist about an influx of minor incident disclosure under SEC rules. There is a fear of creating “white noise” with numerous disclosures overshadowing more critical incidents as companies strive to meet SEC guidelines. Danny Jenkins of ThreatLocker cautioned against an overflow of micro-incidents being reported, potentially diluting the importance of significant cybersecurity breaches. The concern is that while disclosure is essential, an excess of minor incidents may obscure more severe violations that warrant greater attention.

Ultimately, the growing trend of voluntary disclosures of cybersecurity incidents by public companies reflects a positive step towards transparency in the industry. The disclosure by HPE and Microsoft signals a willingness to share details with stakeholders, even if the financial impact is not yet fully understood. Moving forward, it will be essential to strike a balance between transparent disclosure and avoiding an inundation of minor incidents that could cloud more critical cybersecurity breaches from public view.

Article Source
https://www.crn.com/news/security/2024/analysis-hpe-hack-shows-how-the-sec-s-disclosure-rule-is-playing-out