Podcast: Play in new window | Download (Duration: 9:09 — 8.4MB)
Subscribe: Apple Podcasts | TuneIn | RSS
In 2023 the US Securities and Exchange Commission adopted rules “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance.”
Michael Leach, Director, Global Compliance, for data security firm Forcepoint explains that with the rules comes a new focus on transparency. This was help markets and individuals better understand what publicly-traded companies are doing to manage this risk and in response to breaches. The rules also raise pressure on organizations to increase their cybersecurity efforts since no one wants to have to disclose a weak cybersecurity regime or worse, a breach..
The rules, he explains, have real teeth, with fines ranging from the $1000’s to the millions. More importantly, the required disclosures are likely to have significant reputational impact on companies.
So what should companies be doing in light of the rules? In addition to making any required disclosures he recommends taking the time to understand the impact a cyber incident would have on the organization as a whole. Then, from a hands-on data perspective, make the effort to identify high risk, high value data and invest in the tools to secure it.
Listen in to learn more about the rules and what companies need to do to comply.