TLDR:
- One year after the SEC cyber disclosure ruling, security leaders weigh in on its impact.
- Security professionals reflect on the lack of significant fines or penalties for non-compliance.
July 26, 2024, marks the one-year anniversary of the SEC cyber disclosure ruling, and security leaders are reflecting on its impact. George Gerchow, Faculty at IANS Research and Head of Trust at MongoDB, emphasizes the need for greater accountability, larger sanctions on timing, and clearer guidance on what constitutes material information. He highlights the challenges of announcing ongoing attacks before mitigation, which can increase malicious activity.
Steve Martano, Faculty at IANS Research and Partner at Artico Search, notes that while the dismissal of charges against SolarWinds may be viewed as a win, regulatory pressure and litigation against companies and individuals are unlikely to let up. He emphasizes the importance of aligning cybersecurity programs with the organization’s risk areas and evaluating the potential financial impacts of cyber events.
Scott Kannry, CEO and Co-Founder at Axio, mentions the uncertainty following the Chevron ruling and the ongoing complexity of the regulatory landscape. He stresses the importance of building defensibility shields for CISOs to navigate the evolving regulatory environment and safeguard organizations.