SEC Disclosure Deadline Is Here: Are You Ready? (And What to Do If You’re Not)
Public companies: No more dragging your feet when it comes cybersecurity.
As of today, large publicly traded enterprises are beholden to new cybersecurity requirements from the Securities and Exchange Commission (SEC).
[...]
Many experts agree that the “materiality” phrasing is up for interpretation and urge organizations to come up with their own definition with strict, specific requirements that err on the side of caution.
...
Yelena Barychev, partner at law firm Blank Rome LLP agreed that “materiality is going to be on a case-by-case basis,” depending on both the company and the particular attack.
“There is no litmus test,” she said. Organizations must “assess the impact of the incident, not only from a quantitative point of view but also from a qualitative point of view.”
...
Barychev of Blank Rome pointed out that, “cybersecurity has always been on the board’s agenda; this is not a new item for them.”
What’s different now is that the SEC wants detailed disclosures about the process that the board goes through in overseeing risk.
“They want to see interconnections about how management is getting info, how that info travels up the chain to the board, how the board evaluates it,” she said.
To read the full article, please click here.
"SEC Disclosure Deadline Is Here: Are You Ready? (And What to Do If You’re Not)," by Taryn Plumb was published in SDx Central on December 15, 2023.