Strengthening Cybersecurity: Can The SEC’s Landmark New Rules Be Enforced?


Aiming to strengthen cybersecurity practices, the Securities and Exchange Commission (SEC) has embarked on a transformative requirement for cyber breach disclosure that will send shock waves beyond public companies.

The SEC’s recent adoption of an enhanced cyber disclosure regulation demonstrates its dedication to transparency and risk management in the industry. It also aims to protect customers. Researchers at the Ponemon Institute found that organizations impacted by the regulation typically pass the costs on to consumers, who may also become victims of personal information stolen in a breach.

As the digital landscape continues to rapidly evolve, cyber-attacks continue to be a major threat to the global economy. Ranging from direct attacks on targeted companies to indirect supply chain attacks, the damage done in recent years and the obvious trajectories necessitate better visibility and accountability by companies.

In a new report published by IBM, researchers found that organizations spend an average of $4.5 million per breach to rectify its impact, a 15% increase over the past three years.

The requirements practically mandate public companies and their boards to closely monitor the cybersecurity maturity and breach management practices implemented inside their organization and their external supply chain.

Regulatory requirements aiming to mitigate those risks are evolving quickly, and enterprises need to adopt standards for cyber risk and supply chain management that are far beyond the current standard in the industry.

The SEC’s new cyber disclosure rules require companies to promptly disclose any material cybersecurity incidents within four days of discovery. The new rules put in place aim to ensure that companies disclose material cybersecurity information, ultimately benefiting investors, companies, and the overall market.

The regulation makes each company and its board of directors responsible for disclosing material cyber breach details in a structured and defined form, limiting the flexibility and choice companies currently enjoy. Among the required details, the company must reveal the date of discovery, what happened, what data was compromised, and the corrective measures taken.

You, Too, Can Become A Victim

“The SEC disclosure requirement is a significant step towards leveraging cybersecurity and protecting the public interest,” says Kobi Freedman, the CEO of Findings.co, a global supply chain compliance automation platform, already providing these new standards to American top enterprises. “Recent years have unfortunately shown that leaving the choice of publicly disclosing a cyber breach in the hands of each company was not serving the best interest of investors and other stakeholders,” he says.

“The regulator’s insight that accountability should be structured is evidenced by the vendor disclosure requirements defined in last year’s executive order, aiming to set superior supply chain visibility for the US critical infrastructure. It now applies to every public company.”

Many victims of breaches were quick to point out that a third-party application failed them. The new SEC rule encompasses third-party apps and notes how companies increasingly rely on outside cloud services for data management and storage.

The need for rapid disclosure of cybersecurity breaches was evident recently in a few massive cyber events. In late 2021 SolarWinds, an IT infrastructure company serving tens of thousands of customers, including US government agencies, government entities, and public companies worldwide, revealed a Russian-related attack group had hacked it. The attack allowed the hackers to gain access to sensitive information and compromise various networks, leading to one of the most significant cybersecurity incidents in recent history. Only last month, CISA announced a significant cyber-attack from China, compromising 25 organizations and agencies in the US, including the state department and Department of Commerce, by hacking Microsoft accounts. Such disclosures, made responsibly by leading companies such as Microsoft for a long time, are now being enforced by the SEC on publicly traded companies and will diffuse rapidly to their entire supply chains.

“We observe the enormous exposure companies have both internally and externally due to their ever-growing supply chain dependencies. However, while companies depend on their supply chain partners, in an occurrence of a cyber breach, they rarely disclose it to their customers, and rarely publicly, thus increasing the financial and operational damages of the attack,” Freedman explains. “Enterprises with supply chain exposure and proper cybersecurity programs have taken the initiative to support vendor disclosure requirements voluntarily in order to get better and faster visibility into their supply chain. Recent regulations all point in the same direction: boards are accountable for their cybersecurity posture and the harm they can expose all stakeholders to, including investors, customers, consumers, and others.”

Keeping Up With The New Standards

The challenge of scaling visibility across the global ecosystem requires collaborative effort and standardization. The SEC requirements form a rather clear new standard that, at this point, is hard to follow due to a lack of internal and external processes in organizations. Freedman, it seems, predicted this unavoidable need and says that organizations already engaged with his company, from industries such as banking and semiconductors as well as governments, are already following the SEC’s new standards as a result.

“With our solutions, organizations gain a better understanding of their cybersecurity posture internally and across their entire supply chain, which significantly provides them with necessary disclosure requirements to all their stakeholders and in accordance with their relevant regulatory framework in every jurisdiction, thus enhancing their risk management strategies while increasing cost efficiency. This deeper insight our technology provides allows them to identify potential vulnerabilities proactively and optimize internal controls wisely.”
