Navigating SEC, NIS2, and DORA incident disclosure timelines under pressure
In this Help Net Security video, Rick Goud, Global Field CTO at Kiteworks, discusses how to handle SEC, NIS2, and DORA disclosure timelines during a security incident.
He opens with a 3.47 a.m. call: the team cannot confirm whether customer data left the environment, yet three regulators each start their own clock. Goud walks through a realistic example of a public company operating in Europe with financial services, showing how the rules ask different questions and arrive at the same time. He explains what to say when facts are incomplete, why disclosing too early can create a second problem, and how to order legal, investor, regulator, and customer communications.
He introduces the “read-back rule” for keeping notifications consistent, and stresses that disclosure is only as strong as the evidence behind it. His closing point: build a data architecture that feeds one reliable audit trail before the phone rings.
