A report released by the National Association of Corporate Directors, Cyber Threat Alliance and SecurityScorecard says the Securities and Exchange Commission’s proposed cyber risk and incident disclosure requirements for public companies would help improve the ability of such businesses, advisers and funds to counter cybersecurity threats and carry out risk mitigation measures.
“The SEC’s actions in the past year, paired with recently released rules, draw a line under the critical role of management and boards in protecting not just investors and customers, but also the sound functioning of American business,” Friso van der Oord, senior vice president of content at NACD, said in a statement published Thursday.
On Feb. 9, the commission introduced rules that would require advisers and funds to report major cyber incidents within 48 hours and implement cyber procedures and policies to mitigate operational risks.
A month later, the SEC proposed to amend rules to improve and standardize disclosures by public companies regarding incident reporting, cybersecurity risk management, governance and strategy. Comments on the proposed rules are due May 9.
The report includes a discussion of risks associated with third parties that have access to confidential data and covers recent cases in which the SEC initiated actions after organizations failed to submit suspicious activity reports and disclosures or gave misleading statements about a cyberattack.
“It’s important that publicly traded companies appropriately disclose that risk so that investors can make informed decisions; in turn, better informed decisions create the market incentive for increased security across the ecosystem,” said Michael Daniel, president and CEO of CTA.
Sachin Bansal, chief business and legal officer at SecurityScorecard, highlighted the need for organizations to have continuous visibility into cyber vulnerabilities.
“Organizations need an automated, integrated and collaborative approach to gaining this visibility – it’s crucial to business continuity and to adhering to the new policies and procedures set forth by the SEC,” Bansal added.