Episode notes
The Securities and Exchange Commission (SEC) has adopted rules requiring publicly traded companies to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. Material cybersecurity incidents must be reported within four business days, which means companies must be prepared with a robust cyber resilience strategy.
In this episode, our experts will explore the impact these regulations have on cyber risk management strategies, governance, and processes. Listen as they share insight into how to prepare and what we’re learning from recent breaches.
Featured experts
- Greg Spicer, Co-Founder & Chief Revenue Officer, Ostrich Cyber-Risk
- John Feezell, Global Security Consultant, Risk Advisory Services, Kyndryl
What you will hear
“You might say, ‘this is going to have a negative impact on our earnings,’ or ‘it's going to stop this big consolidation effort that we were trying to do that was part of … what we've shared with our stockholders.’ And that's a qualitative sense of the actual impact. So now we're joining those dots for the investor … And the idea of that is, then you present the shareholder a full package: here's what happened, here's how it's going to touch us in a business context, how it matters to us, and thus matters to you.” —John
“These CISOs – who we respect so immensely – are under so much pressure and time and they're short staffed and all those types of things. They're just trying to keep their head above water as it relates to keeping a bad guy out … I think progress would be that they start to look at cybersecurity and control from a different perspective. And that's not just about the technology … but it's how can I get more budget, for example. If you can go in and start talking about your industry, the threats to your industry, the motivations behind it, those threats and, and then what that impact looks like to our organization currently, then that risk drops down.” —Greg
“Create a team: don't wait, do it now. This needs to be part of your resiliency play. We talk in the industry now about resiliency. And we're allowed to say the quiet part out loud now, which it's not, if you're going to be breached, it's when you're breached. And so that resiliency play needs to have a team that's addressing this.” —John