In keeping up with the evolving regulatory landscape from the SEC, we’re here to discuss the latest set of rules regarding Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. We’ll cover what changes are coming down the pike, how your organization will be impacted, and how to best prepare. LogicManager has been the industry leader in Enterprise Risk Management since 2005, and its solutions will keep you ahead of the game and ready for tomorrow’s surprises today.
The latest rule change from the SEC requires registrants to “disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” This mandate from the SEC to better inform both the public and investors with consistent and uniform disclosures is another step in the direction of a See-Through Economy. The term “See-Through Economy” was coined by LogicManager CEO Steven Minsky to describe the shift in technology that has allowed information, news, and opinions to be more freely shared and distributed among the general public. By formalizing the disclosure of material cybersecurity incidents within annual fiscal reports, the SEC is embracing this trend.
How Will This Impact Your Organization?
With a better understanding of what’s changing, we can start to realize how organizations will feel the impact of the changes. CISOs will be mandated to disclose in their annual reports their processes for assessing, identifying, and managing material risk from cybersecurity threats. In addition, there will be requirements for management’s role in assessing and managing material threats.
As a result, managers and CISOs will have a larger responsibility to communicate to the board their process for overseeing cyber risk. In turn, boards will be more involved in helping implement cyber policies and report on risk.