If you work in cybersecurity, follow regulatory changes, or are part of the industry, you’ve likely been closely monitoring recent regulatory developments. The SEC’s cybersecurity incident disclosure rules and the EU’s Cyber Resilience Act (CRA), have pushed organizations to reevaluate and reshape their strategies. Now, with the rapid advancement of AI, it’s time for responsible use and stricter regulatory oversight.
While the secure development and use of AI is not regulated yet, one notable cybersecurity regulation from last year was the SEC’s new rules on cybersecurity risk management and incident disclosure. It now requires public companies to:
- Disclose significant cyber incidents to the SEC within four business days.
- Provide detailed information about their board’s oversight of cybersecurity risks.
To better understand the impact of these changes, we partnered with Sapio Research to survey 500 cybersecurity decision-makers from large enterprises in the US and UK. Download the full report: 2024 Regulation vs. Reality: Are the Fed’s Attempts at Wrangling Incident Disclosure Effective?
The Cost of Neglecting Cybersecurity Regulations
As the Chief…
