Adapting To SEC Cybersecurity Disclosure Requirements – Forbes

The cybersecurity compliance landscape for public companies and foreign private issuers in the United States significantly evolved in 2023 with the introduction of new regulations by the SEC. Announced by SEC Chair Gary Gensler on July 26, 2023, these regulations mandate prompt disclosure of material cybersecurity incidents within four business days, except in circumstances where a delay is justifiable for national security or public safety reasons. Additionally, the regulations require detailed annual reports on an entity’s cybersecurity risk management, strategy, and governance practices. Taking effect 30 days after the Federal Register publication in July, these rules aim to increase transparency for investors, companies, and the market by standardizing cybersecurity disclosures. They also highlight the SEC’s desire to enhance cybersecurity transparency.
The regulations aim to address the underreporting of cyberattacks, a persistent issue that has limited both the government and industry’s ability to effectively respond to cyber threats. Despite encountering resistance, including from the U.S. Chamber of Commerce, Congress, and some SEC members, the rules necessitate thorough disclosure of the consequences of cyber breaches. This move towards transparency is designed to highlight the importance of cybersecurity protocols in response to the increasing frequency of cyberattacks disrupting various industries.
The requirement for public entities to report material cybersecurity incidents within four business days has sparked controversy and opposition from Congress. Recent efforts, led by figures such as Rep. Andrew Garbarino and Sen. Thom Tillis, seek to overturn the rule, citing conflicts with existing legislation like CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022) and concerns about overburdening cybersecurity professionals. This opposition underscores the tension between investor protection goals and the operational security of companies, balancing transparency with confidentiality.
Determining the materiality of a cybersecurity incident involves legal, preparedness, and technical considerations, focusing on the undeniable forensic details gathered post-event. Organizations face the challenge of distinguishing crucial information from irrelevant data during a crisis, emphasizing the importance of clear communication with shareholders about an incident’s impact.
The new disclosure requirements introduce a dual challenge for cybersecurity professionals: compliance and threat management, with the risk of increased targeting post-disclosure. The SEC offers some relief through delayed reporting under select conditions, emphasizing the critical need for cybersecurity preparedness among public companies.
The SEC’s new disclosure mandates highlight the critical importance for companies to either cultivate in-house expertise or form alliances with firms that specialize in both cybersecurity and compliance. Relying on compliance measures without implementing strong security protocols poses significant risks, just as emphasizing security without a framework for compliance may fail to provide clear accountability to investors and regulatory bodies. Companies are encouraged to build or seek out partnerships with entities proficient in navigating the complexities of both fields, thereby ensuring adherence to regulations and bolstering their defenses against cyber threats. This comprehensive approach is not only necessary to navigate the new regulations, but essential for protecting shareholder interests and maintaining the integrity of public confidence.
