Hey there!
Data breaches have almost become daily occurrences. Identity theft, financial fraud, ransomware - it never seems to end! That's because, for too long, companies have treated cybersecurity as an afterthought.
Well, not anymore!
The SEC's new cybersecurity rules became effective in mid-December 2023.
Now, public companies have to report any material cyber breach within four days of discovery. And that's not all – the annual reports must now include details on cyber risk management, strategy, and governance.
It's no surprise that these new disclosure requirements are causing shockwaves in boardrooms nationwide.
First off, four days leaves little time to fully investigate an incident before notifying the SEC. Second, oversharing is a concern - too many technical details could hand attackers a blueprint of vulnerabilities to exploit.
Issues aside, the new regulations are a step in the right direction.
Recent breaches have shown that cyber incidents can spiral out of control and bring a company to its knees. Equifax's 2017 breach led to a $700 million settlement and the CEO's ousting. Legal action is now being taken against SolarWinds and its CISO regarding their cyber disclosures.
It's clear that the SEC is putting its foot down, making cyber preparedness a non-negotiable for every public company. Companies can no longer ignore or downplay any security risks.
This decisive push toward accountability and transparency will serve as a wake-up call for companies to prioritize their cybersecurity efforts.
Until then,
Shahul from Zluri
P.S. Hit reply and let me know your take on the new regulations!