- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2023-08-25T13:40:00
Businesses can prepare for the Securities and Exchange Commission’s (SEC) upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance, according to an expert.
The final rule adopted by the SEC in July includes two major parts, noted Mary Tarchinski-Krzoska, market adviser for risk and compliance at software provider AuditBoard. Tarchinski-Krzoska spoke Tuesday during a session at a conference in Las Vegas jointly sponsored by ISACA, formerly the Information Systems Audit and Control Association, and the Institute of Internal Auditors.
One part of the rule requires companies to disclose annually new information, starting with reports for fiscal years ending on or after Dec. 15, 2023, that describes their cybersecurity policies and programs, including how risks are identified and mitigated. The other part pertains to cybersecurity breaches and will require companies to promptly determine whether a breach was material; if so, they must report details in a disclosure with the SEC within four business days.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
MGM Resorts International said it expects to take a $100 million hit as part of the fallout of a cyberattack that has most significantly impacted its Las Vegas operations.
The timing of a recent cyberattack against Clorox juxtaposed against the Securities and Exchange Commission’s adoption of its cybersecurity incident disclosure rule soon to take effect has presented a case study regarding how companies might seek to meet the requirements of the rule.
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
The global average cost of a data breach jumped to an all-time high for the second year in a row, but companies can reel in the ballooning drag on profits by adopting artificial intelligence, according to an IBM report.
The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.
