Sign up to save your podcasts
Or
Share Michael Leach on the SEC Cybersecurity Disclosure Rule [Podcast]
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Michael Leach on the SEC Cybersecurity Disclosure Rule [Podcast]
By Adam Turteltaub
In 2023 the US Securities and Exchange Commission adopted rules “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance.”
Michael Leach, Director, Global Compliance, for data security firm Forcepoint explains that with the rules comes a new focus on transparency. This was help markets and individuals better understand what publicly-traded companies are doing to manage this risk and in response to breaches. The rules also raise pressure on organizations to increase their cybersecurity efforts since no one wants to have to disclose a weak cybersecurity regime or worse, a breach..
The rules, he explains, have real teeth, with fines ranging from the $1000’s to the millions. More importantly, the required disclosures are likely to have significant reputational impact on companies.
So what should companies be doing in light of the rules? In addition to making any required disclosures he recommends taking the time to understand the impact a cyber incident would have on the organization as a whole. Then, from a hands-on data perspective, make the effort to identify high risk, high value data and invest in the tools to secure it.
Listen in to learn more about the rules and what companies need to do to comply.
Listen now
View all episodes
By SCCE
4.8
3333 ratings
By Adam Turteltaub
In 2023 the US Securities and Exchange Commission adopted rules “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance.”
Michael Leach, Director, Global Compliance, for data security firm Forcepoint explains that with the rules comes a new focus on transparency. This was help markets and individuals better understand what publicly-traded companies are doing to manage this risk and in response to breaches. The rules also raise pressure on organizations to increase their cybersecurity efforts since no one wants to have to disclose a weak cybersecurity regime or worse, a breach..
The rules, he explains, have real teeth, with fines ranging from the $1000’s to the millions. More importantly, the required disclosures are likely to have significant reputational impact on companies.
So what should companies be doing in light of the rules? In addition to making any required disclosures he recommends taking the time to understand the impact a cyber incident would have on the organization as a whole. Then, from a hands-on data perspective, make the effort to identify high risk, high value data and invest in the tools to secure it.
Listen in to learn more about the rules and what companies need to do to comply.
Listen now
More shows like Compliance Perspectives
View all
WSJ What’s News
4,320 Listeners
FCPA Compliance Report
20 Listeners
KFF Health News' 'What the Health?'
469 Listeners
Corruption Crime & Compliance
42 Listeners
GZERO World with Ian Bremmer
742 Listeners
Innovation in Compliance with Tom Fox
16 Listeners
Great Women in Compliance
55 Listeners
Everything Compliance
1 Listeners
Compliance into the Weeds
11 Listeners
Daily Compliance News
7 Listeners
All Things Sustainable (formerly ESG Insider)
59 Listeners
Hard Fork
5,364 Listeners
The Ezra Klein Show
15,201 Listeners
Zero: The Climate Race
186 Listeners
Ethicast
6 Listeners