Imminent New SEC Cyber Security Rules

The U.S. Securities and Exchange Commission (SEC) is recognising the growing threat cyberattacks pose to the financial markets and to investor interests. As a result, the regulator is taking a more proactive stance on cybersecurity. The imminent rule changes include stricter requirements for reporting and disclosing cybersecurity incidents and risk management practices, and for safeguarding sensitive financial and customer data. Under the disclosure rule, a material cybersecurity incident must be reported on Form 8-K within four business days of the company determining that it is material, and annual reports must describe the company's cyber risk management, strategy and governance.

Risk professionals across the US must have been high-fiving at the acknowledgement that cybersecurity is not just an IT issue; it is a fundamental business risk. And yes, the new rules do place additional pressure on CISOs, whose role it is to identify, mitigate and manage cybersecurity risk.

But crucially, compliance with the SEC rules also makes plain that risk management must come from the top. The very top.

With increased regulatory scrutiny comes the requirement for improved accountability and governance. The cyber disclosure rule requires companies to describe the processes they have in place for assessing, identifying and managing material risks from cybersecurity threats, and whether any such risks, including previous incidents, have materially affected or are reasonably likely to materially affect the company. Crucially, the rule also requires companies to describe the board's oversight of cyber risk and management's role in assessing and managing it. Responsibility does not rest solely with the CISO. The board must understand, engage with and manage cybersecurity risk.

For the first time the board must be able to talk confidently and knowledgeably about cybersecurity and risk. And rightly so. Cybersecurity incidents can significantly damage a company's reputation and cause a loss of investor trust. High-profile breaches can lead to lawsuits, fines and significant loss of market value. The SEC's rules focus on material disclosures, meaning information that could affect an investor's decision. In the context of cybersecurity, senior leadership must recognise the materiality of cyber risks and ensure that these risks are accurately reflected in financial reports and disclosures to investors.

For many, this will require a dramatic shift in mindset. The idea that the board and the IT department can continue to operate in their respective silos no longer holds.

Cyber risk is everybody’s department. Cybersecurity risks are complex and evolving. Effective, comprehensive risk management requires a strategic approach that can only be achieved with the involvement of senior leadership and the board. 

By requiring public companies to disclose cybersecurity-related information and by emphasizing the board's oversight role, the SEC's cyber disclosure rule is intended to break down the walls between IT and the boardroom.

CEOs, boards and executive management must be actively involved in setting the cybersecurity agenda, ensuring compliance with regulatory requirements, and protecting the company's reputation and investor trust. The rule promotes a more holistic and transparent approach to cybersecurity, recognising it as a critical business risk that requires attention and understanding at all levels of the organisation.

Miguel Clarke is GRC and Cyber Security Lead at Armor
