Page 161 - Cyber Defense eMagazine September 2023
P. 161
public companies that may lack a robust cybersecurity and reporting plan, as outside experts can act as
a team extension of an organization’s existing talent when it comes to evaluating vulnerabilities,
rethinking investments, implementing controls and determining when and how to report the information
the SEC will soon demand.
The roles of executives and directors
One of the most important aspects of this new rule is the involvement of executives and members of a
company’s board of directors, as their engagement in and understanding of the organization’s
cybersecurity posture become essential. Not only will this require a level of understanding of the new
SEC rule, but it also necessitates adding a layer of governance to ensure the company follows it.
Impacted companies should immediately begin hosting internal conversations between executives,
directors and the organization’s cybersecurity experts to provide a close look into current controls in place
to assess their efficacy. This may include reviewing assessments from outside experts and penetration-
testing reports. Additionally, executives and directors should ask questions about how security controls
are being implemented and how processes are being assessed to gain further insight into the current
controls in place — and areas for improvement.
Final thoughts
The SEC’s new rule marks a crucial step in bridging the cybersecurity information gap between
organizations and external stakeholders, while simultaneously encouraging public companies to
reassess and strengthen their overall cyber strategies. For many enterprises, this will require a significant
amount of work to be accomplished before the rule takes effect in December. At this stage, working with
third-party advisors to leverage their expertise should be a key consideration. When the reporting and
disclosure requirements become mandatory, companies will have to expect that news of their cyber
incidents will be broadcast far and wide. But the enterprises that begin preparing now for this eventuality
will be better positioned to safeguard their operations, reputation and financial success when the time
comes.
Cyber Defense eMagazine – September 2023 Edition 161
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.