SEC mandates cybersecurity reporting for companies
The Securities and Exchange Commission's (SEC) latest set of rules on cybersecurity reporting for publicly traded organisations can be understood in two ways: first, as another generic regulatory formality piling onto companies, or second, as an important move towards strengthening cybersecurity at board level.
In the smaller picture, it is likely to be both. But in the bigger picture, the benefits will outweigh the limitations. The SEC's primary attention on cybersecurity metrics can combine with other financial reporting needs to compel companies toward a more comprehensive security framework that includes asset intelligence and prioritises material risk.
SEC protocol: Implications for organizations
The new protocol is likely to push organizations to start focusing on asset intelligence and evidence-based security data, rather than merely storing an inventory of devices and apps, helping them move toward a consistent monitoring and improvement program.
The rules will also help companies involve the entire organization in cybersecurity, promoting the confluence of IT, security, compliance and legal in ways that support every party involved.