The U.S. Securities and Exchange Commission’s proposed cybersecurity disclosure rules are likely to pass, which means it’s time to evaluate your organization’s readiness and build out capabilities where necessary.
One key component of the proposal is the need for speedy incident disclosure — you’ll have just four days to disclose after determining that your organization has experienced a material cybersecurity incident.
Speed in reporting is vital in terms of a company’s ability to discover the breach, collect the right information, and involve key stakeholders to ensure that the disclosure is accurate, complete, and transparent. Completing this monumental task requires an integrated approach to pull everything together quickly and accurately — so the time to start preparing is now.
In addition to cybersecurity incident disclosure, the SEC has also proposed to require enhanced and standardized disclosure of registrants’ cybersecurity risk management, strategy, and governance.
To help assess your organization’s readiness, a new article by AuditBoard risk experts John Wheeler and Richard Marcus outlines four steps to consider when responding to the SEC’s potential new deadline for disclosing breaches. This free PDF download also includes 14 sample questions for consideration when evaluating your company’s cybersecurity risk management, strategy, and governance.
Don’t wait to get up to speed on these important regulations!
Request Free! |