
SolarWinds 2024: Taking Cyber Disclosures to the Next Level


TLDR:

  • Cyber disclosures post SolarWinds are crucial for security.
  • Proposed remediation safe harbor for cybersecurity incidents.

In the aftermath of the SEC’s actions against SolarWinds, Tom Tovar, CEO & Co-Creator of Appdome, discusses the importance of cyber disclosures. The SEC’s complaint against SolarWinds highlighted the lack of proper disclosures regarding cybersecurity risks, which left investors and analysts with misleading information. Tovar suggests a remediation safe harbor for companies to disclose incidents and vulnerabilities after timely remediation. The article emphasizes the role of CISOs in controlling and approving cybersecurity disclosures, as well as the need for a comprehensive view of security incidents for faster resolution.

Full Article:

In the wake of the SEC’s investigation into SolarWinds, the topic of cyber disclosures has taken center stage in the cybersecurity industry. The SEC’s complaint against SolarWinds and its CISO highlighted the lack of accurate and timely disclosures regarding cybersecurity risks and incidents. This discrepancy between internal knowledge and public statements raised concerns about the effectiveness of current disclosure practices.

Tom Tovar proposes a remediation safe harbor as a solution to this problem. The safe harbor would allow companies to remediate cybersecurity incidents within a specified time frame and then disclose the details through standard SEC filings. This approach aims to provide companies with adequate time to address vulnerabilities before making public disclosures, ultimately leading to more accurate and informative reporting.

Tovar also emphasizes the importance of CISOs in overseeing and approving cybersecurity disclosures. By giving CISOs more control over these processes, companies can ensure that disclosures are aligned with the actual security posture of the organization. Additionally, Tovar suggests leveraging platforms that offer a unified view of security incidents for faster detection and resolution.

In conclusion, the article calls for a reevaluation of current practices surrounding cybersecurity disclosures. By promoting a remediate-first mindset and empowering CISOs to manage disclosure processes, companies can enhance transparency, reduce the impact on public stock, and improve overall cybersecurity posture. The proposed remediation safe harbor offers a practical approach to navigating the complex landscape of cyber disclosures in the aftermath of high-profile incidents like SolarWinds.
