SEC Cyber Disclosure Rules Usher in a New Era for CISOs

The SEC’s new cyber disclosure requirement is both a burden and an opportunity for CISOs, whose role is now more strategic than ever.

François Amigorena

January 15, 2024

1 Min Read
SEC Cyber Disclosure Rules Usher in a New Era for CISOs
Alamy

In response to increasingly sophisticated cyber threats and data leaks, the Securities and Exchange Commission has taken a pivotal step in enhancing corporate accountability through its new cybersecurity incident disclosure requirements.

Recent enforcement actions, such as the case against SolarWinds Corporation’s chief information security officer (CISO), underscore how seriously the SEC takes timely and accurate disclosure of cybersecurity incidents.

This move highlights a shift in the landscape of corporate governance, particularly in the realm of digital security. And, critically, these developments are reshaping the roles of IT leaders, who must now navigate a complex landscape of technological challenges and regulatory compliance.

The SEC’s New Cybersecurity Disclosure Requirements

The new regulations, including amendments to Regulation S-K Item 106, require prompt reporting of cyber incidents and clear annual disclosures about cybersecurity strategies and risk management, aiming to provide investors with a transparent view of cybersecurity risks.

Under the new requirements, IT leaders must report significant cyber incidents within four business days. They also must detail their cybersecurity risk management strategy in annual reports that outline corporate governance policies of cybersecurity risks.

In practice, this means:

  • IT leaders must be making appropriate disclosures

  • They must also have in place the appropriate controls and procedures to escalate items and determine when and where disclosures are required

These requirements place a huge burden of responsibility on all corporate leadership, but especially on the CISO and/or the chief technology officer (CTO).

Read the rest of this article on InformationWeek

Read more about:

North America
Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like