Pressure mounts on CISOs as SEC bares teeth with legal action

A Panaseer investigation into organizations’ annual 10-K filings reported to the SEC shows that from January-May 2024, at least 1,327 filings mentioned NIST – a key indicator that cybersecurity posture is present in a filing.

This compares to just 110 during the same period of 2023 – a 12-fold increase – and 128 across the entire year. On current projections, researchers predict up to 2,600 such filings across 2024 – a more than 20-fold increase.

The burden of additional cybersecurity reporting

December 2023’s new SEC rulings that incorporated cybersecurity risk into investor reporting mandated the inclusion of cybersecurity posture and processes in annual reports. Although CISOs won’t be directly responsible for compiling reports, they’ll need to work closely with the Enterprise Risk Management (ERM) team to ensure reports are accurate.

Accurate reports demand a deep understanding of cybersecurity posture and risk exposure. Any discrepancies between reports and reality will be tantamount to lying to investors, leaving CISOs potentially facing charges. SolarWinds’s CISO, Timothy G. Brown, has already been charged by the SEC for fraud and internal…
