As cyber threats escalate in frequency and severity, IT and security teams face increased pressure to maintain transparency. With this in mind, the US Securities and Exchange Commission’s (SEC) Cyber Disclosure Rule, released on 26 July 2023, mandates timely and detailed public disclosures about cyber incidents.
This rule places a heavy burden on chief information security officers (CISOs), chief information officers (CIOs), and chief technology officers (CTOs), requiring them both to manage threats and to communicate critical information to investors, stakeholders, and regulators in a manner compliant with SEC requirements.
Let’s take a closer look at the SEC’s new cyber disclosure rule and what security and IT professionals need to do to prepare for this new era of cyber transparency.
A New Challenge for CISOs and CIOs
The SEC’s Cyber Disclosure Rule changes the way companies handle cyber incidents. Quietly mitigating a breach behind the scenes is no longer enough. Now, entities must publicly disclose material cyber incidents and provide specific information about their governance and risk management processes.
The SEC defines a “material” incident as one “to which…