The SEC adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.
In this Help Net Security video, Doug Barbin, President and National Managing Principal at Schellman, shares his perspective on what this means for enterprises moving forward.
To accomplish the requirements of the rule, organizations need to not only be audit-ready but have a deep understanding of where risk lies within their business. With many infosec and cybersecurity teams already strapped for talent, this process has to be efficient so those workers can easily pull reports, get real-time risk postures, and protect the areas of the business that are most at risk.