Gartner® The Security and Risk Management Leader’s Guide to the SEC Disclosure Rules
CybSafe is proud to bring you cutting-edge research in cybersecurity.
We’re sharing an exceptionally valuable report, Gartner® The Security and Risk Management Leader’s Guide to the SEC Disclosure Rules.
We believe this report is essential reading for anyone involved in security and risk management (SRM), from IT leaders to CISOs to executives.
The latest cybersecurity disclosure rules put forth by the U.S. Security and Exchange Commission (SEC) have introduced new complexities to cybersecurity reporting, board governance, incident disclosure, public transparency and even individual liability.
Organizations struggle to define the cross-functional roles, responsibilities, plans and processes needed to optimize governance and risk management processes in light of the SEC’s cybersecurity disclosure rules. Compliance with the new SEC cybersecurity disclosure rules requires input and expertise from many domains.
The SEC disclosure rules and recent litigation place increased scrutiny on security and risk management (SRM) leaders, especially chief information security officers (CISOs) both internally and externally, introducing new legal liability to the role.
Organizations often confuse the material impact of cybersecurity incidents on financial and business outcomes (which forms the focus of SEC reporting) with the severity of incidents from a cybersecurity perspective.
Fortified by recent research by Gartner®, we feel this report delivers insight on the nature of these challenges, and strategies that can help to address them.
Gartner®,The Security and Risk Management Leader’s Guide to the SEC Disclosure Rules, by Lisa Neubauer, William Candrick, Elizabeth Davis, and Alissa Lugo, 29 July 2024
Report highlights
“The SRM leader’s role, especially when designated as the CISO, has hit an inflection point. C-suites, boards and regulators now view cyber risk as a core business risk.”
“All senior leaders must know the responsibilities and boundaries of their respective roles. Use Gartner’s interactive RACI chart as a starting point.”
“SRM leaders must realize that they cannot meet the SEC disclosure rules on their own. Rather, the key is to focus on identifying responsibilities they should own, and then empowering senior leaders to adapt the SEC disclosure rules in their respective units.”
“SRM leaders, especially CISOs, should spearhead efforts and guide their senior leaders to achieve the demands set in the SEC’s disclosure rules.”
Source: Gartner®, The Security and Risk Management Leader’s Guide to the SEC Disclosure Rules, by Lisa Neubauer, William Candrick, Elizabeth Davis, and Alissa Lugo, 29 July 2024
Disclaimer: GARTNER® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.