As the SEC readies its new rules on cybersecurity and disclosure of breaches, both public and private companies need to make sure they are complying with pertinent parts of the regulations
New cybersecurity rules from the U.S. Securities and Exchange Commission (SEC) are set to take effect on Dec. 15, 2023; and although the rules primarily target publicly listed companies, other private and smaller companies should familiarize themselves with the new rules, while preparing and monitoring their operations for their own security.
The SEC’s cybersecurity rules, adopted this past July, require publicly listed companies to comply with numerous incident reporting and governance disclosure requirements. Organizations should assume that they will experience real threats and potential breaches, the rules state.
Complying with the various and often overlapping regulations is a challenge; however, the ultimate objective should be building and employing an effective cyber-risk management program that goes beyond completing compliance checklists. Firms and companies must ensure that best practices are in place across the enterprise to prevent…
