In the press release announcing the new cybersecurity rules, SEC Chairman Gary Gensler said,.
Whether a company loses a factory in a fire - or millions of files in a cybersecurity incident - it may be material to investors.
Currently, many public companies provide cybersecurity disclosure to investors.
I think companies and investors alike would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way.
Through helping to ensure that companies disclose material cybersecurity information, today's rules will benefit investors, companies, and the markets connecting them.
According to analyst Frederick Havemeyer, the new SEC rules align with current cyber insurance trends that reward more transparent risk reporting with lower premiums on policies or better coverage.
The new rules cover both US public companies and foreign private issuers.
Disclosure of material cybersecurity incidents within four business days of determining that a breach is material.
FPIs use Form 6-K. Annual disclosure of cybersecurity risk management, strategy, and governance.
This disclosure is done on the company's annual report, Form 10-K for domestic public companies, Form 20-F for foreign entities.
Whether or not something is material is heavily dependent on the context of the company in question.
Something that's material for a company with $20 million in sales might not be material for a company with $2 billion in sales.
Increasing reliance on electronic systems coupled with a rise in cybersecurity incidents make transparency in cybersecurity more important.
Evidence suggests companies are underreporting cybersecurity incidents.
The best way to prevent the new SEC incident reporting requirement from adversely impacting your stock valuation is to adopt strong cyber protections that safeguard your organization from cyberattacks that you'd need to report.
The Ericom Cloud Security Platform provides a unified, Zero Trust cloud-based solution that makes it simple to upgrade to a state-of-the-art approach to cybersecurity.
Its clientless Zero Trust Network Access solution secures company applications from the growing risks posed by unmanaged devices used by work-from-home employees and 3rd party contractors.
The new reporting requirements provide investors with greater transparency regarding cybersecurity risk management.
Investors and potential investors will feel comfortable knowing your company's digital assets are protected by the only security approach that provides Zero Trust protection against internet-delivered threats.
Contact us to learn more about how easy it is to upgrade to Zero Trust isolation-based cybersecurity.
This Cyber News was published on securityboulevard.com. Publication date: Tue, 02 Jan 2024 22:43:05 +0000