Page 33 - Cyber Defense eMagazine October 2023

What Are the New SEC Guidelines?

            The SEC is responsible for regulating the securities industry, and its cybersecurity regulations are designed
            to ensure the protection of sensitive customer and financial data. The new rules will require companies
            to:

               •  Disclose via an updated 8-K form whether they determined any cybersecurity incident to be
                   material. They may also be compelled to document the material aspects of the incident's ‘nature,
                   scope, and timing, as well as its material impact or reasonably likely material impact on the
                   registrant.’
               •  Periodically disclose the company’s cybersecurity risk management, strategy, and governance in
                   annual reports.

            The new regulations will compel organizations to improve how they discover vulnerabilities and breaches,
            their reporting protocols, and their overall level of cybersecurity expertise. According to PwC, the SEC is
            now ‘putting the onus on companies to give investors current, consistent and “decision-useful” information
            about how they manage their cyber risks.’

            “Many companies will focus on enhancing their cybersecurity capabilities as they plan for the new
            disclosure requirements.”

            PwC, SEC’s New Cyber Disclosure Rule


            Is Your Existing Security Infrastructure ‘SEC-Ready’?

            As companies prepare for the new SEC rules, they must assess and adjust their current security priorities
            and initiatives to ensure they align with the new regulations. These initiatives may include:

            Assessing cybersecurity risks. Organizations must constantly improve their security strategies and
            infrastructure in response to evolving cyber threats to protect sensitive data, financial assets, and
            mission-critical applications and systems.

            Managing implementation and operational costs. Introducing new cybersecurity programs and operating
            a high-performance security infrastructure is costly, especially for smaller organizations. Meeting the new
            SEC guidelines may require incremental investments in technology, training, and auditing.

            Minimizing non-compliance risks. Failure to comply with the new SEC regulations could result in material
            fines, penalties, legal actions, and damage to shareholder trust.

            Understanding the regulatory complexities. As the SEC is essentially breaking new ground, many
            companies may need help interpreting and complying with the requirements.

            Protecting reputation and investor confidence. A cybersecurity incident can damage a company’s
            reputation and investor confidence. The new SEC guidelines will create greater visibility into security
            breaches and bring into focus how quickly and effectively companies responded to an incident.






            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.