How will the new SEC cybersecurity rules impact your business?
If you operate a business in the US, here’s what you need to know:
You’ll need a cybersecurity risk management program in place and must be able to disclose how your business responds to cybersecurity threats.
You’ll have to describe management’s role and expertise in assessing and managing material cybersecurity risks. This means you’ll have to provide proof of relevant work experience, certifications and education. If you have a board of directors, you’ll also have to show how it oversees cybersecurity risks for your company.
You’ll be expected to determine the material impact of cybersecurity threats and to report the nature, scope and timing of material impact or likely material impact of a cyberthreat or attack. And you’ll have to sort it out quickly. New cybersecurity reporting rules require material impact reports to be submitted within four business days after an attack.
How will the new cybersecurity reporting laws impact SMEs?
These new cybersecurity reporting regulations signal the SEC’s increased attention to cybersecurity practices among public companies, including SMEs. For smaller businesses, it’s going to be essential to prioritize and enhance cyber capabilities. SMEs will need to take these regulations seriously and work diligently to meet the disclosure requirements while ensuring their cybersecurity measures are up to the mark.