In 2023, the SEC adopted strict new cybersecurity disclosure requirements. The rules require public companies to disclose “material” cybersecurity incidents within four days; to periodically disclose cybersecurity risk management, strategy and governance in annual reports; and to describe the company’s oversight of cybersecurity risk by the board of directors, including management’s role and expertise. While these new rules only affect public companies, they serve as a reminder that thorough cybersecurity plans are critical to protecting investors from the expense and downside risk a cybersecurity attack can cause. And those costs aren’t insignificant. According to Forbes, cybercrime damage costs are expected to grow by 15 percent per year over the next two years, reaching $10.5 trillion USD annually by 2025.
For fintech companies, this reminder is even more critical. Because fintechs typically manage and store large volumes of sensitive data and Personally Identifiable Information (PII), they are a natural target for cyberattacks. According to Kroll’s Q4 2023 Cyber Threat Landscape Report, financial services was one of the top five…
