Major SEC cybersecurity rule changes are coming – but most companies aren’t ready

Feb 21, 2023 | Thought leadership

By May this year, the US Securities and Exchange Commission (SEC) is expected to implement changes to cybersecurity and governance rules for public companies, which some predict will amount to a “tectonic” change in how boards must handle key issues such as incident reporting.

Officially, the rule changes are designed to “enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by public companies.” In practical terms, public companies will be required to disclose any material cybersecurity breach or incident to the SEC within four business days, and failure to do so may result in enforcement action. They must also be in a position to report on which member of the board is responsible for cybersecurity and how they exercise risk oversight.

While this meets a clear need to further raise the profile of cybersecurity at the board level, there are concerns that most organizations are simply not in a position to meet these reporting and governance requirements.

According to research published in Forbes, for example, the vast majority (up to 90%) of public companies “lack even a single director with the necessary cyber expertise.” The analysis goes on to point out that “only 51% of Fortune 100 companies have a director on their boards with relevant cybersecurity experience. The situation in the Fortune 200 and 500 is more concerning: only 9% have cyber-savvy directors.”

Commenting on the potential impact of these rule changes, Glasswall CEO, Danny Lopez, said: “These new SEC rules are a welcome development that will help ensure that leadership teams and boards will become more effective in their approach to preventing and mitigating cyber risks. Cybersecurity is increasingly recognized as a business-critical priority, but many leaders have learnt the hard way, having been the victims of an attack. As a result of developments such as this, leaders everywhere – particularly in larger companies – will become more effective in meeting the needs of their CISOs and security teams.”

As discussed in Glasswall’s 2023 industry predictions, the cybersecurity sector should expect to see more legislation from governments this year designed to improve standards across the board. The US government, for instance, is also leading the charge across other key areas such as software procurement – a trend which is likely to be mirrored globally across both public and private sectors, helping increase industry maturity while offering a boost for consumer confidence.
