Confused by the SEC’s breach reporting rules? Read this

May 22, 2024 at 12:40PM The SEC has clarified guidelines for public companies regarding ransomware and cybersecurity incident disclosures. Public firms must report “material” cyber intrusions under Form 8-K, Item 1.05. For immaterial incidents or those lacking a materiality determination, use Form 8-K, Item 8.01. SEC aims to help investors distinguish between the two for … Read more

Dark Reading Confidential: The CISO and the SEC

May 10, 2024 at 11:22AM Transcript Summary: Episode: Dark Reading Confidential, Episode 1 Summary: The episode explores the evolving relationship between CISOs and the Security and Exchange Commission (SEC). Guests discuss the challenges faced by CISOs, the need for greater regulatory understanding of the cybersecurity landscape, and propose solutions such as a remediation safe harbor … Read more

What Do CISOs Have to Do to Meet New SEC Regulations?

December 18, 2023 at 06:11PM CISOs face increasing regulatory scrutiny amidst rising cyber threats. The SEC’s recent action against SolarWinds’ CISO signals heightened individual accountability. New reporting obligations for public firms compel CISOs to fortify security programs, potentially enhancing standing and investor appeal. However, clear guidelines from the SEC are beneficial, and adjusting operating procedures … Read more

SEC Suit Ushers in New Era of Cyber Enforcement

November 13, 2023 at 10:08AM The Securities and Exchange Commission’s lawsuit against SolarWinds marks a significant shift in regulatory expectations and enforcement for cybersecurity in public companies and government contractors. Chief information security officers (CISOs) will need to be more diligent in designing and managing cybersecurity programs. The Department of Defense (DoD) is cracking down … Read more