Bolstering Cybersecurity: The SEC’s Focus on Cyber Reporting
The Securities and Exchange Commission (SEC) announced last year that it would be working on proposed new rules on cyber risk management, strategy, governance and incident disclosure by public companies. By the end of 2023, it will most likely announce its finalized cybersecurity proposal.
The amendments put a particular focus on cybersecurity reporting as well as the organization’s policies and procedures to identify and manage cyber risks. They also take a deep dive into the board of directors’ oversight of cyber risks and its subject matter knowledge in cyber risk management.
Read our article: Cyber Resilience | From Third-Party to Cyber Risk Management to learn why, despite being perceived as a critical area of importance within the organization, there are often major weak points within the cyber risk management processes of many businesses.
No matter how big or small the organization, this is as good a time as any to review and improve cybersecurity processes and elevate cyber risk management capabilities.
The proposed amendments should not come as a surprise, given that regulators have been suggesting for quite some time that organizations add cybersecurity subject matter experts to their boards. Moreover, the amendments aim to inform investors about the cyber risk management, cyber resilience strategy and governance practices of the business, as well as provide relevant information related to cybersecurity incidents.
Transforming Your Cybersecurity Practices
The digital transformation of businesses has significantly expanded their cyber attack surface. Technology is a key partner that delivers powerful value creation across business processes.
More technology means more data, more third-parties, more tools.
As organizations improve their processes with technology, it’s important to fully understand the operational resilience objectives and potential cyber risks that an organization may face. Gaining full visibility of the entire cyber risk landscape is crucial to making risk-aware decisions.
After all, cybersecurity interconnects nearly every core business process and is crucial to ensure business continuity. Listen to the latest episode of The RegTech Report Podcast for more on the importance of developing a business continuity plan, the true impact of not contemplating the full IT Infrastructure & cyber attack surface of the organization and much more.
Keep in mind the following points when looking to transform your cybersecurity practices:
IT Infrastructure
A complete register of the organization’s technology assets is essential. This marks the starting point for any cybersecurity framework.
Protection Measures
Develop specific measures to put in place in different scenarios, as part of an operational resilience framework.
Regulatory Compliance
Follow the specific regulatory requirements on cyber risk management that impact your organization.
Third-Party Risk Management
At this point, there should be a Third-Party Risk Management (TPRM) program within every organization. It is important to keep in mind that working with any third-party comes with an inherent risk that must be analyzed.
Risk-Aware Culture
Lastly, training and awareness. Technology, processes and people go hand in hand. Train your teams to make well-informed decisions by creating a risk-aware culture within the organization.
Complement this reading with a powerful webinar:
Are you Ready? Why Board Directors & Stakeholders Are About to Ask You About Your IT Risk Technology
Join Henry Umney, Managing Director of GRC Strategy at Mitratech, Seth Rosensweig, Partner of Cyber, Risk and Regulatory Compliance at PwC, and Samrah Kazmi, Chief Innovation Officer and Head of Risk Partnerships at RESRG as they discuss:
- How should companies approach the SEC’s proposal?
- What key questions are stakeholders about to ask?
- What to look for in a technology solution?
Furthermore, at Mitratech we believe in the power of technology. Our GRC solutions are recognized worldwide for their ease of implementation, high performance and unmatched ROI. Explore in more detail our cyber risk management capabilities, unique value drivers and key business differentiators in these powerful assets: