What The Board Needs To Know

A weekly cyber risk briefing for corporate board directors.

What to Think About:

The EU’s general data protection regulation requires victims to report details of the breach to the national regulator within 72 hours, a far stricter timeline than most states attorneys general demand in the U.S. However, data breach victims rarely have all of the information they need to make a single accurate disclosure, regardless of how much time they have.

The latest WSJ Pro Research paper highlights the challenge victims face in understanding what data an attacker may have taken and identifying...