How Should CISOs Navigate the SEC Cybersecurity and Disclosure Rules?
DARKReading, Thursday, September 26th, 2024
Companies that commit to risk management have a strong cybersecurity foundation that makes it easier to comply with the SEC's rules. Here is what you need to know about 8-K and 10-K filings.
Question: How should security leaders navigate the SEC's cybersecurity and disclosure rules? What do they need to do in order to ensure compliance?
Michael Gray, CTO, Thrive: While the Securities and Exchange Commission's (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules went into effect toward the end of 2023, many organizations still have questions when it comes to filings and disclosures. Under these rules, organizations have to disclose significant cybersecurity incidents and provide annual updates on their cybersecurity posture. Being able to accurately share cybersecurity updates, sometimes within short time frames, requires teams to have a deep understanding of 8-K and 10-K filings, and to implement new processes that simplify compliance.