Cybersecurity compliance: What companies need to know about the new SEC rules | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


The U.S. Securities and Exchange Commission recently updated its rules on cyber risk management, governance and incident disclosure. The new rules will take effect in December 2023.

Given that the guidelines have only been out for a month, how are companies responding to its stipulations so far, and what major challenges are they facing on that path?

“When we talk to the chief information security officers out there, they’re like, ‘We’ve got it, we’re used to this stuff,’” said Sean Joyce (pictured), global cybersecurity and privacy leader and U.S. cyber, risk and regulatory leader at PricewaterhouseCoopers LLP. “However, when we talk to the chief legal officer [or] the CFO, they’re the ones that say, ‘Hey, talk to me about this process … this thing called materiality.’ When you look at the SEC rule, I would break it down into cyber risk management … then cyber governance, both at the board level and at the management level, and then incident reporting and materiality.”

Joyce spoke with theCUBE industry analysts Lisa Martin and Rob Strechay at the Google Cloud Next event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how enterprise efforts to comply with the new rules are progressing. (* Disclosure below.)

Breaking down the rules themselves

In a nutshell, the SEC’s updated guidelines state that public companies must document their approach to managing cyber risk, establish a board-level committee to oversee the same and report material cybersecurity incidents to the SEC within four days of discovery.

While some companies are bemoaning the compliance burden from these new rules, they’re not as big a change as those complaints convey — especially since there was an earlier update as recent as 2018, according to Joyce. They’re rather accommodating new developments in cloud and artificial intelligence as ransomware threats become more commonplace.

“The mainframe is now the cloud — think of the technology and it just goes in this cycle and moves to the edge, which we’re doing now,” he explained. “When you look at what I see companies struggling with, it’s really about misconfiguration.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Google Cloud Next event:

(* Disclosure: PricewaterhouseCoopers LLP sponsored this segment of theCUBE. Neither PWC nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

Your vote of support is important to us and it helps us keep the content FREE.

One-click below supports our mission to provide free, deep and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU

——————————————————-


Click Here For The Original Source.

How can I help you?
National Cyber Security

FREE
VIEW