There’s no doubt the SEC’s new cybersecurity disclosure rules represent a revolutionary shift and will increase the compliance burden on companies. But, as Jose Seara, CEO of DeNexus, explores, the new rules also present an opportunity for the clever CISO.
Editor’s note: Jose Seara is CEO of DeNexus, a cyber risk quantification and management technology provider.
The SEC’s new cybersecurity guidelines, which went into effect in December, mark a major period of transformation for public companies, as they must not only disclose material cyber incidents within four days of discovery, but they will be compelled to report details about their risk management, strategy and governance policies.
Beyond the obvious changes, these new rules have sparked conversations about the need for cyber risk quantification and management amid heightened risks and debates about the perceived inadequacy of the given timeframe to confirm breaches, comprehend their impact and coordinate timely notifications.
Despite concerns, noncompliance poses significant repercussions to chief information security officers (CISOs) and security teams, courtesy of the SEC, which has already shown its…
