There’s no doubt the SEC’s new cybersecurity disclosure rules represent a revolutionary shift and will increase the compliance burden on companies. But, as Jose Seara, CEO of DeNexus, explores, the new rules also present an opportunity for the clever CISO.
The SEC’s new cybersecurity guidelines, which went into effect in December, mark a major period of transformation for public companies: they must not only disclose material cyber incidents within four days of discovery, but also report details about their risk management, strategy and governance policies.
Beyond the obvious changes, these new rules have sparked conversations about the need for cyber risk quantification and management amid heightened risks, as well as debates about the perceived inadequacy of the given timeframe for confirming breaches, comprehending their impact and coordinating timely notifications.