Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure Deadlines

Recently, the Securities and Exchange Commission adopted rules about the handling and reporting of cyber risks and breaches.
With these new guidelines and regulations, public companies and organizations must disclose the cybersecurity incidents they experience in a timely manner, and must disclose information regarding their cybersecurity risk management, strategy and governance annually.
Although these new rules and guidelines may seem excessive to some, they're an essential step towards a stronger and more proactive approach to cyber risk management.
Being audit-ready means having a holistic approach to security and compliance that includes risk assessment, real-time continuous compliance monitoring, training for employees and effective communication.
To have the best understanding of where risk lies in the business, organizations should leverage a risk management and compliance tool.
By auditing against compliance standards, organizations are able to see where their inherent business risk lies, and in turn, make decisions to remediate that risk and reduce exposure.
A robust risk management tool will allow security leaders to quickly understand, evaluate and convey the impact of risk on the business aspects they care about the most.
2) Boards need to have a deeper understanding of cyber risk and security than ever before.
It's also essential to consider the board members' awareness of what's going on within the organization, what initiatives are currently in place and what risks impact success.
To do this effectively, security leaders must translate cyber risk and its impact into a language that board members will understand - dollars and cents.
Instead, communicating that the organization has an increased risk of reputational damage or fines for noncompliance ensures the impact is conveyed and they can invest in the right areas to reduce those risks.
Security leaders should revisit their current cybersecurity plan, showing the board where investments are needed to close the cyber risk gap.
3) The new rules will significantly benefit companies that talk more about their risk.
Most importantly, this ruling emphasizes the need to take a proactive approach to risk management.
Organizations must understand their cyber risk posture, and the context of their risks, so they are prepared to act if a risk is realized.
As the SEC sets this precedent, it benefits companies to make risk a part of every conversation.
This requires having a 360-degree view of cyber risk and its constituent parts to enable action within the required timeframe.
With a proactive approach to cybersecurity and risk management, companies will be further prepared to monitor for threats and vulnerabilities, reporting them quickly as they arise.
Meghan is a passionate security and risk evangelist, DIBs champion, and home-renovation enthusiast specializing in process improvement and program iteration.
Meghan enjoys giving back to the security and risk community through blogs, whitepapers, webinars, conference presentations, and podcasts.


This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sun, 04 Feb 2024 07:13:05 +0000

