CISOs In 2025: Balancing Security, Compliance, And Accountability
Help Net Security, Wednesday, November 13th, 2024
In this Help Net Security interview, Daniel Schwalbe, CISO at DomainTools, discusses the intensifying regulatory demands that have reshaped CISO accountability and daily decision-making.
He outlines the skill sets future CISOs need, their key priorities for 2025, and how increased pressure impacts the role's attractiveness and retention.
What specific regulatory demands have heightened the CISO's accountability, and how has this affected their daily decision-making?
A recent change in the regulatory landscape that directly affected CISOs employed by publicly traded companies and heightened their accountability was the adoption of new rules by the US Securities and Exchange Commission (SEC), covering Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. The SEC now mandates that companies disclose material cybersecurity incidents within four business days via financial filings. The disclosure must include detailed information about the incident's nature, timing, and impact on the company's financial health.