New SEC regulations will force any public games company in the US to disclose ‘material’ hacks within four days-

Last week, we reported on a Roblox data breach that first happened in 2020, and was apparently shared in some nefarious places in 2021, but only became widely known about when the leak was posted again on July 18. There was a wealth of identifying information about individuals who attended the Roblox Developer’s Conference in this hacked data, and some might find the length of time between the hack happening and Roblox Corporation acknowledging it pretty surprising. 

Gaming companies are hardly alone in being targets for bad actors, with cybercrime now an omnipresent threat in every business sector. And no matter how good the defences get, we’ll be reading about successful hacks on high-profile targets for the rest of our lives. The US Security and Exchanges Commission clearly thinks so and as reported by The Register has voted to adopt new requirements, first proposed in March 2022, that any public company suffering a computer crime that’s likely to cause any kind of a “material” hit will now have a four-day time limit in which to disclose the incident. A material hit is basically anything investors should be concerned about.

Given that the vast majority of the big gaming companies in the US are publicly traded, this means the new rule (which comes into effect in 30 days) will apply to companies such as: Activision Blizzard, Electronic Arts, Microsoft, Nexon, Nintendo, Paradox Interactive, Riot Games, Roblox Corporation, Sony, and Take-Two Interactive. Nested within those are plenty of other famous studios like Blizzard, Bungie, Rockstar, and Zynga.

Any company that’s suffered a cybersecurity incident that could have a material impact now has to determine whether it should be disclosed “without reasonable delay” and, if it should, immediately has to submit a Form 8-K report which now has a new cybersecurity section. This will see the company declare what it believes to be the “nature, scope, and timing” of the breach and what it thinks the impact on the business will be. These 8-K forms are made public by the SEC.

There are some exemptions that probably won’t apply to gaming companies, such as risks to national security or public safety, and the disclosure rules come alongside a new reporting requirement, whereby public companies have to outline their processes for identifying and managing cyber-threats. Foreign companies doing business in the US will not be exempt and similar rules are being applied to their set of forms (6-K and 20-F, fact fans).

The focus here is on investors rather than the little people, but the outcome should be a public good. The exact definition of the word “material” is going to become pretty important, and there are of course a multitude of different possible cyber crimes that this rule will cover, but the example of customer data being compromised feels like something that should be disclosed as soon as it’s known about.

Helpfully, the SEC agrees, saying in the rules that: “By way of illustration, harm to a company’s reputation, customer or vendor relationships, or competitiveness may be examples of a material impact on the company.”

US state laws already require companies to notify users whose data may have been compromised, so this new regulation is additive rather than entirely novel, another layer of compliance that may catch unreported breaches. It may also illuminate the details of breaches which don’t involve user data, such as last year’s GTA 6 hack, which companies are usually buttoned-up about. Not everyone is a fan of these new rules, with some pointing out that publicity can be the last thing you want in the wake of a potentially disastrous hack. But the new rules have exemptions baked-in for just such eventualities, and fast public disclosure feels well worth the try.

Related Posts

Microsoft Kills $1 Game Pass Trial Just Days Before Black Ops 6 Launches

Microsoft is no longer offering $1 Game Pass trials, killing the option just days before Call of Duty: Black Ops 6 launches into Game Pass on October…

NFL's Best Wide Receiver Is Aware Of Madden Curse, Doesn't Want To Be Cover Star

Electronic Arts can go ahead and mark one potential star player off its list for cover athlete on next year’s edition of the Madden NFL franchise. Cincinnati…

Adventures and Victories- How Netflix’s Castlevania Transcends Its Source Material

In the year 2022, we’ve finally come to a point where a video game being adapted into a film or a TV show isn’t an immediate cause…

All Visions Of The Traveler Locations In Destiny 2- The Final Shape

Like other destinations introduced by past expansions, the Pale Heart of the Traveler added to Destiny 2 in The Final Shape is full of collectible items that…

Best Far Cry Games, Ranked

Few first-person shooter series have had the longevity of Far Cry, with a legacy going back more than 17 years and nine main titles released during that…

Committing Fraud Is The Name Of The Game In SpreadCheat, A Love Letter To Excel

There have been some unique throwback games over the years, but SpreadCheat looks like it’s going to be in a category all of its own. Games People…