Page 33 - Cyber Defense eMagazine October 2023
What Are the New SEC Guidelines?
The SEC is responsible for regulating the securities industry, and its cybersecurity regulations are designed
to ensure the protection of sensitive customer and financial data. The new rules will require companies
to:
• Disclose via an updated 8-K form whether they determined any cybersecurity incident to be
material. They may also be compelled to document the material aspects of the incident's ‘nature,
scope, and timing, as well as its material impact or reasonably likely material impact on the
registrant.’
• Periodically disclose the company’s cybersecurity risk management, strategy, and governance in
annual reports.
The new regulations will compel organizations to improve how they discover vulnerabilities and breaches,
their reporting protocols, and their overall level of cybersecurity expertise. According to PwC, the SEC is
now ‘putting the onus on companies to give investors current, consistent and “decision-useful” information
about how they manage their cyber risks.’
“Many companies will focus on enhancing their cybersecurity capabilities as they plan for the new
disclosure requirements.”
PwC, SEC’s New Cyber Disclosure Rule
Is Your Existing Security Infrastructure ‘SEC-Ready’?
As companies prepare for the new SEC rules, they must assess and adjust their current security priorities
and initiatives to ensure they align with the new regulations. These initiatives may include:
• Assessing cybersecurity risks. Organizations must constantly improve their security strategies and
infrastructure in response to evolving cyber threats to protect sensitive data, financial assets, and
mission-critical applications and systems.
• Managing implementation and operational costs. Introducing new cybersecurity programs and operating
a high-performance security infrastructure is costly, especially for smaller organizations. Meeting the new
SEC guidelines may require incremental investments in technology, training, and auditing.
• Minimizing non-compliance risks. Failure to comply with the new SEC regulations could result in material
fines, penalties, legal actions, and damage to shareholder trust.
• Understanding the regulatory complexities. As the SEC is essentially breaking new ground, many
companies may need help interpreting and complying with the requirements.
• Protecting reputation and investor confidence. A cybersecurity incident can damage a company’s
reputation and investor confidence. The new SEC guidelines will create greater visibility into security
breaches and bring into focus how quickly and effectively companies responded to an incident.