Incident Response & Threat Intelligence
R3-2A. Fear and Loathing in the Board Room: A Hopeful Journey to SEC Compliance.
Thursday, June 13, 2024 1:15 PM - 2:15 PM
Room 2A
Securities and Exchange Commission Chair Gary Gensler said, "Whether a company loses a factory in a fire, or millions of files in a cybersecurity incident, it may be material to investors" upon adopting a new SEC rule on July 26, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure by public companies. This rule, referred to as the Sarbanes-Oxley for information security and data protection, will force cyber risk management from the server room to the board room and change the industry. Cybersecurity has been an IT function for decades, often thought of in hindsight after a data security or cyber incident without financial impacts on publicly traded companies in the form of material losses that would have regulatory, legal, or financial repercussions for organizations and their leadership. The new SEC rule will force an approach to duty-of-care obligations on reasonable cybersecurity standards that currently exist for directors and officers in other areas of corporate governance. Failure to comply with these rules will have severe career and financial impacts on executives.
After this presentation, learner will Gain insights intothe critical points of the new SEC ruling Know what you need to do for compliance Understand how it impacts current approaches to cybersecurity and data governance and the potential risks for rule violations.