New Cyber Security Compliance Rules in US : What Companies Need to Know

Introduction:

The U.S. Securities and Exchange Commission (SEC) has recently introduced new rules concerning cyber risk management, governance, and incident disclosure. Set to take effect in December 2023, these regulations have prompted discussions on how companies are adapting to the stipulations and the challenges they encounter along the way.

Addressing the Challenges:

While chief information security officers claim familiarity with such regulations, other stakeholders, including chief legal officers and CFOs, find themselves seeking clarity regarding the process, particularly around the concept of materiality. The SEC rules can be divided into three areas: cyber risk management, cyber governance at both the board and management levels, and incident reporting and materiality.

Insights from Sean Joyce:

Sean Joyce, the global cybersecurity and privacy leader and U.S. cyber, risk, and regulatory leader at PricewaterhouseCoopers LLP, shared his observations during an exclusive interview with the CUBE at the Google Cloud Next event. He shed light on how companies are progressing in their efforts to comply with the new rules.

Overview of the SEC Guidelines:

The updated guidelines require public companies to document their strategies for managing cyber risk and to establish a board-level committee to oversee these efforts. Additionally, any material cybersecurity incidents must be reported to the SEC within four days of their discovery.

Minimal Shifts Despite Compliance Burden:

Although some companies have expressed concern over the compliance burden these rules bring, Joyce clarifies that they do not represent a significant departure from the previous update in 2018. He emphasizes that the new guidelines primarily aim to keep pace with technological advancements such as cloud and artificial intelligence, as cyber threats like ransomware become increasingly prevalent. Joyce identifies misconfiguration as a notable challenge companies face in this regard.

Conclusion:

As the SEC’s updated cyber security standards and regulations approach implementation, companies are grappling with the requirements outlined by the guidelines. While some stakeholders feel confident in their ability to navigate this landscape, others seek further insights to ensure compliance. The inclusion of materiality and the need for effective cyber risk management and governance are key aspects that organizations must address to protect their digital assets. By staying informed and proactive, companies can successfully align with these regulations and advance their cyber security posture in an evolving threat landscape.
