Hm, incentives like showing an improved reputational risk ranking?
During and After a Cyber IncidentRegistrants may seek to mitigate damages from a cyber incident by providing customers with incentives to maintain the business relationship.
Perhaps in order to prevent this sort of thing?
Cyber incidents may also result in diminished future cash flows, thereby requiring consideration of impairment of certain assets including goodwill, customer-related intangible assets, trademarks, patents, capitalized software or other long-lived assets associated with hardware or software, and inventory.The SEC is still missing at least one connection between dots:
Sure, infosec costs money. But if infosec actually prevents loss of customer goodwill, infosec could attract and retain customers, so infosec could be a source of profit. If anybody knows about it, that is.
Prior to a Cyber IncidentRegistrants may incur substantial costs to prevent cyber incidents. Accounting for the capitalization of these costs is addressed by Accounting Standards Codification (ASC) 350-40, Internal-Use Software, to the extent that such costs are related to internal use software.