Imminent New SEC Cyber Security Rules

Uploaded on 2023-11-20 in FREE TO VIEW, BUSINESS-Services-Financial

The U.S. Securities and Exchange Commission (SEC) is recognising the growing threat cyberattacks pose to the financial markets and investor interests. As a result, the regulatory body is taking a more proactive stance on cybersecurity. The imminent rule changes include stricter requirements for reporting, disclosure, and safeguarding sensitive financial and customer data.

Risk professionals across the US must have been high fiving at the acknowledgement that cybersecurity is not just an IT issue; it’s a fundamental business risk.  And yes, the new rules do place additional pressure on CISOs, whose role it is to identify, mitigate and manage cyber security risk.

But crucially, compliance with SEC rules also points to the fact that risk management must come from the top.  The very top. 

With increased regulatory scrutiny comes the requirement for improved accountability and governance. Companies are required by the Cyber Disclosure rule to describe the processes they have in place for assessing, identifying, and managing material cybersecurity risks as well as the material effects of risks from cybersecurity threats, including previous incidents. Crucially, what the cyber disclosure rule demands is board oversight. Responsibility does not rest solely with the CISO. The board must understand and engage with and manage cyber security risk.  

For the first time the board must be able to talk confidently and knowledgeably about cyber security and risk.  And rightly so. Cybersecurity incidents can significantly damage a company's reputation, causing a loss of investor trust. High-profile breaches can lead to lawsuits,  fines, and significant loss of market value. The SEC's rules focus on material disclosures that could impact an investor's decision. In the context of cybersecurity, it is crucial for senior leadership to recognise the materiality of cyber risks and ensure that these risks are accurately disclosed in financial reports and disclosures to investors. 

For many, this will require a dramatic shift in mindset. The idea that the board and the IT department can continue to operate in their respective silos has been destroyed.

Cyber risk is everybody’s department. Cybersecurity risks are complex and evolving. Effective, comprehensive risk management requires a strategic approach that can only be achieved with the involvement of senior leadership and the board. 

By requiring public companies to disclose cybersecurity-related information and by emphasizing the board's oversight role, the SEC's cyber disclosure rule is intended to break down the walls between IT and the boardroom.

CEOs, boards, and executive management must be actively involved in setting the cybersecurity agenda, ensuring compliance with regulatory requirements, and protecting the company's reputation and investor trust. It promotes a more holistic and transparent approach to cybersecurity, recognising it as a critical business risk that requires attention and understanding at all levels of the organization.

Miguel Clarke is  GRC and Cyber Security lead for Armor

Image: Expect Best

You Might Also Read: 

DORA: Compliance With The EU Digital Resilience Act:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Bridging The Gap Between Cybersecurity & Business Goals
Update: Sacked OpenAI Boss Is Reappointed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Valtix

Valtix

Valtix is the first and only multi-cloud network security platform delivered as a service that enables cloud teams to meet the most stringent security requirements in a cloud-first & simple way.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

Zafran

Zafran

Zafran is a Risk & Mitigation Platform that defuses threat exploitation by mobilizing existing security tools.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.