CISOs beware: the SEC is watching
“The lessons [of this latest ruling] are that the SEC is taking note of this issue,” Zukis stated, “so get your house in order when it comes to the new rules.”
“The SEC is being very patient with the new rules,” he added. However, he alleged, “there’s an enormous amount of non-compliance with the new rules. Companies are not describing the material impact of an incident in their current filings under the new rules. So get focused on your processes, get your documentation in place and disclose [information in filings] honestly.”
“This isn’t rocket science,” he stated, “but it requires some consistency and maturity in processes. The SEC will hold you accountable if you’re playing fast and loose with these rules. If your documentation [of cyber incidents] is inconsistent, you don’t have a mature process … It’s not about getting it right or wrong. It’s about showing you have some maturity as a business management and governance body to consistently apply some thoughtfulness and rigor to the process.”