UPDATED 11:26 EDT / AUGUST 31 2023

Cybersecurity compliance: What companies need to know about the new SEC rules

The U.S. Securities and Exchange Commission recently updated its rules on cyber risk management, governance and incident disclosure. The new rules will take effect in December 2023.

Given that the guidelines have only been out for a month, how are companies responding to their stipulations so far, and what major challenges are they facing on that path?

“When we talk to the chief information security officers out there, they’re like, ‘We’ve got it, we’re used to this stuff,’” said Sean Joyce, global cybersecurity and privacy leader and U.S. cyber, risk and regulatory leader at PricewaterhouseCoopers LLP. “However, when we talk to the chief legal officer [or] the CFO, they’re the ones that say, ‘Hey, talk to me about this process … this thing called materiality.’ When you look at the SEC rule, I would break it down into cyber risk management … then cyber governance, both at the board level and at the management level, and then incident reporting and materiality.”

Joyce spoke with theCUBE industry analysts Lisa Martin and Rob Strechay at the Google Cloud Next event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how enterprise efforts to comply with the new rules are progressing. (* Disclosure below.)

Breaking down the rules themselves

In a nutshell, the SEC’s updated guidelines state that public companies must document their approach to managing cyber risk, establish a board-level committee to oversee it and report material cybersecurity incidents to the SEC within four days of discovery.

While some companies are bemoaning the compliance burden from these new rules, they’re not as big a change as those complaints convey, especially since there was an earlier update as recently as 2018, according to Joyce. Rather, they accommodate new developments in cloud and artificial intelligence as ransomware threats become more commonplace.

“The mainframe is now the cloud — think of the technology and it just goes in this cycle and moves to the edge, which we’re doing now,” he explained. “When you look at what I see companies struggling with, it’s really about misconfiguration.”

(* Disclosure: PricewaterhouseCoopers LLP sponsored this segment of theCUBE. Neither PWC nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
