Kyle Hicks
Business Development Senior Manager at Wolf & Company
What Business Leaders Need to Know About the SEC’s Cybersecurity Disclosure Rule

Cybersecurity incidents are a growing concern for businesses and investors alike. With cyberattacks potentially costing companies millions, damaging reputations, and impacting share prices, the stakes have never been higher. To ensure transparency and protect investors, the SEC now mandates that public companies disclose material cybersecurity incidents — but navigating these rules can be confusing for executives.

Key takeaways from the new SEC rule:

📢 Material Cybersecurity Incidents Must Be Disclosed: Public companies are required to report incidents that could affect their operations, finances, or reputation. The challenge? Determining what counts as “material.”

📊 Timely Reporting: Once an incident’s materiality is determined, it must be disclosed within four business days, outlining the nature, timing, and impact of the breach.

💡 Collaboration is Key: CISOs, legal, and financial teams must work together to define materiality and streamline compliance. Developing a clear plan and timeline can make this process smoother.

🔒 Annual Cyber Risk Reports: Companies are also required to submit annual disclosures about their cybersecurity risk management, strategy, and governance. The SEC is watching — and so are investors.

As this regulation evolves, staying compliant and transparent is essential for protecting both your business and investor trust.

Read more in Erica Sweeney’s latest article on the SEC’s cybersecurity disclosure rule.

#Cybersecurity #SEC #RiskManagement #Compliance #DataProtection #Governance #DenSecure #WolfandCo
-
Brush Cyber
67 followers
The recent SEC enforcement action against SolarWinds highlights the importance of proper 8-K reporting and material disclosures for cybersecurity incidents. The case emphasizes the need for transparency in disclosing cybersecurity practices and incidents. With new SEC rules, companies must provide accurate and timely information to avoid misleading investors. Moving forward, these rules will require more comprehensive reporting and robust internal controls to manage and disclose cybersecurity risks effectively.

Materiality: Disclosures must include all material information to ensure reports are not misleading.

Timeliness is of the essence. The SEC mandates the prompt filing of complete and accurate reports, which underscores the need for precision and promptness in reporting.

For instance, a data breach affecting many customers or a cyberattack that disrupts critical business operations would be considered significant cybersecurity incidents. All such incidents must be disclosed to provide a clear picture of risks and impacts.

Legal Standards: Companies must adhere to Section 10(b) and Rule 10b-5, ensuring that disclosures do not contain false statements or omissions.

Looking ahead, the new rules necessitate annual disclosures on cybersecurity risk management, strategy, and governance. This requirement ensures compliance and underscores the importance of proactive transparency in the corporate world.

#CyberSecurity #LegalCompliance #SEC #MaterialDisclosures #8KReporting #CISO #CyberLaw #RiskManagement #SECRegulations #Litigation
-
Erik Librader
Managing Director, Business Development & Growth - Executive Practice/Team Leader - CRM/BI/GRC/Digital Transformation Consultant
Check this out to hear more about the latest SEC rule changes now in effect regarding Cybersecurity and how Vistrada can help you stay current and navigate these changes. Today, more than ever, it's critical to remain aware of and compliant with this ever-changing and evolving ecosystem.

#Cybersecurity #SECRegulations #CyberRisk #FinancialServices #Vistrada
-
Computer Integrated Services
1,352 followers
Navigating the SEC Cybersecurity and Disclosure Rules: A Guide for CISOs!

The SEC’s new cybersecurity and disclosure rules have introduced significant changes for publicly traded companies.

As a Chief Information Security Officer (CISO), it’s crucial to understand and navigate these regulations effectively to ensure compliance and protect your organization.

Key Steps for CISOs:

- Understand Materiality: Determine what constitutes a “material” cybersecurity incident. The SEC defines material incidents as those that a rational investor would want to know about, such as significant revenue losses, operational interruptions, or data breaches.
- Timely Disclosure: Ensure that material incidents are disclosed within four business days. Delays can lead to regulatory penalties and erode stakeholder trust.
- Accurate Reporting: Provide comprehensive and accurate accounts of incidents, including their impact and the measures taken to address them. Inaccurate disclosures can result in regulatory scrutiny and loss of credibility.
- Clear Communication: Use clear, non-technical language to describe incidents and their impacts. This ensures that all stakeholders, including investors and the general public, can understand the situation.
- Internal Coordination: Foster seamless coordination between IT, legal, public relations, and finance departments to ensure accurate and timely disclosures.

By following these steps, CISOs can navigate the SEC’s cybersecurity and disclosure rules effectively, ensuring compliance and safeguarding their organizations.

For support schedule your free consultation with industry experts -> www.cisus.com/contact!

#CIS #CyberSecurity #Compliance #CISO #SEC #CyberAttack #DataBreach
-
Centraleyes
2,019 followers
In a groundbreaking move on July 26, 2023, the Securities and Exchange Commission (SEC) ushered in a new era of corporate transparency with a pivotal decision. A game-changing cybersecurity disclosure rule that's set to redefine the landscape for public companies.

What's the buzz all about?

This transformative SEC mandate now mandates public companies to promptly unveil "material" cybersecurity incidents within a mere four days of determining their significance. Are you ready to navigate this regulatory landscape?

Join us as we delve into:

🛡️ Strategies to ensure compliance with the SEC Cybersecurity Rules Update.
🔍 Key requirements outlined by the SEC Cybersecurity Rules 2023.
📝 Details on material cybersecurity incident disclosure, annual risk management and strategy disclosures, and cybersecurity governance disclosures.

Plus, we've got you covered with essential dates.

Unlock the insights you need to thrive in this new regulatory environment.

https://lnkd.in/dC984qHh

#Cybersecurity #SEC #Compliance #RegulatoryUpdates #BusinessInsights
-
Austin Cooper
Head of Technology @ CreativeGuru AI| Software Project Management Creativeguru.ai creates compelling ideas and distributes them across all your communications channels.
The SEC's decisive move to mandate prompt cybersecurity breach disclosure for large public companies is a game-changer in ensuring transparency and accountability. This four-day reporting rule aims to arm investors and stakeholders with timely information to assess cyber risks effectively. It's a step I strongly support, as it harmonizes what used to be a patchwork of disclosure practices.

The ripple effect of this rule extends beyond just reporting; it underscores the vital role of CFOs in cyber risk management and the importance of collaboration with CISOs. Annual reports on cybersecurity measures further reveal the internal workings of companies, helping to build investor confidence.

With cybersecurity taking center stage in financial operations, as seen in the strategic CFO appointments at Markel Group and Primerica, the message is clear: companies must intertwine financial acumen with tech-savvy risk management.

As we witness increased spending on security products and services, the SEC's regulations are not just timely but necessary for maintaining the financial ecosystem's integrity. While larger companies are already on the clock, smaller businesses have a six-month cushion to align with the new standard, ensuring a level playing field.

In a world where cyber threats loom large, proactive measures like these are not just prudent but essential. The SEC's new rules are a commendable stride towards safeguarding our digital and financial realms. What are your thoughts on these new regulations? Do you think they will effectively bolster cyber resilience? Share your views in the comments.

#CyberSecurity #SECRules #CorporateGovernance #RiskManagement

Original article: https://lnkd.in/e9-QaRkr
-
Stuart Leach
Cyber Partner - RSM UK
Global regulation is putting pressures on Boards and the C-Suite to ensure they are getting cybersecurity right. We all know that a cyber breach can have wide reaching consequences including significant financial and reputational damage chief amongst those, but with key regulations such as US SEC's new disclosure rules, and EU's NIS2 amongst others coming into play, senior management and boards of directors could face direct legal action. Now more than ever Boards need to be aware of the cyber threat their businesses face, ensure they have effective measures in place to manage cybersecurity risk, and be prepared to respond to a cyber-attack. The below article from my colleagues at RSM US provides some great details of regulations that Boards and business leaders need to be taking notice of. The cyber regulatory landscape is becoming ever more complex to navigate. If you would like to discuss this further, or need support to drive awareness and ensure you are ready to achieve compliance, please reach out to myself or the RSM team. https://lnkd.in/eng4GF58
-
Arik Solomon
Co-Founder & CEO at Cypago | Cyber GRC Automation
🚨 Attention all #cisos working for public companies!

The December 15th deadline, defined as part of the new U.S. Securities and Exchange Commission's ruling on cybersecurity disclosure, is coming up in two days! 🤯

As dictated by the new rules (https://lnkd.in/d5Zgw4tG), forms 10-K and 20-F should now be provided with disclosures around, amongst others, the following topics:

👉 Risk Management and Strategy - Including a detailed description of existing processes for assessing, identifying, and managing material risks from cybersecurity threats. In addition, companies should explain whether and how any such methods have been integrated into their overall risk management processes.

👉 Cybersecurity Governance - A description of the oversight mechanisms for governing risks from cybersecurity threats, including the processes by which upper management is informed about such risks. Companies must also identify the stakeholders responsible for assessing and managing such risks and the methods by which they monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents.

While it's clear that many companies will struggle to meet this deadline, it's also clear that all security leaders protecting publicly traded companies must equip themselves with the best technology and tools money can buy to avoid putting their companies on the path to non-compliance with the new rulings.

Deadlines tend to have that annoying habit of sneaking up on you quicker than expected. Don't wait for the next deadline, make it happen today.
-
David Olsen
After a data breach scare, an Australian marketing firm revamped its workflow to prevent future breaches, providing a model for other SMBs to avoid financial, reputational, and legal issues.

Here's why implementing an efficient workflow approval process is important:

✅ Ensuring Data Security
✅ Enhancing Operational Efficiency
✅ Compliance with Regulations
✅ Improving Accountability and Transparency
✅ Facilitating Better Decision-Making
✅ Reducing Errors and Redundancies
✅ Enhancing Collaboration and Communication
✅ Supporting Scalability

Learn more here: https://buff.ly/3VOPYDQ

Unauthorized access to your sensitive information can wreak havoc on your finances and reputation. Protect your business before it's too late! Contact us for a free consultation to learn how to set up your new system today. 👇👇👇

🌐 https://buff.ly/4eXaPxF
📞 1300 887 889
📩 info@powerbits.com.au

#makingtechnologyworkforyou #powerbits #ITManagedServicesAndSecurity #MSP #BusinessTech #CyberSecurity #SMBs #smallbusiness #mediumsizedbusiness #smalltomediumbusiness #businessowners #productivitytools #productivity #stayproductive
-
Buckler
866 followers
NYDFS Key Takeaways: (Nice summary of dates)

🔹 On November 1, 2023, the New York Department of Financial Services (“NYDFS” or the “Department”) announced the adoption of the second amendment to its Cybersecurity Regulation (the “Second Amendment” or “Final Amendment”). The Final Amendment reflects that the Department carefully considered public comments, and made revisions to its Cybersecurity Regulation that demonstrate an understanding of the complex nature of cybersecurity governance and oversight.

🔹 For legal and compliance teams, the new requirements will call for cross-functional participation throughout the coming year as companies assess their compliance with the Cybersecurity Regulation. We discuss six important updates reflected in the Final Amendment and offer several key takeaways, including steps companies can consider regarding incident response plans, gap assessments, and cybersecurity budgets.

#nydfs #regulations #cybersecurity #cyberregulations #regulatorycompliance #regulatoryupdates #financialservices #financialservicesindustry #buckler #ciso #cisos #seniormanagement #securityprofessionals #cco #cro #governance

https://lnkd.in/gxp22BvS