Risk & Compliance/Legislation

W3-3B. The Ripple Effects of SEC's Cyber Security Rule & Enforcement Activity

Wednesday, June 12, 2024 1:15 PM - 2:15 PM

Room 3BC

Description

The SEC has made a significant mark on cyber corporate governance by promulgating its cybersecurity rule and through enforcement activity. While the purported reason for the SEC's cyber-related rule and its mandatory disclosures (security incidents via 8-K; security program and governance disclosures via 10-K) is to inform investors, the SEC is looking to change behavior (with some teeth behind it). The SEC's new strategy is already causing major "ripple effects" concerning the role, status and risk of security professionals, incident response planning and materiality assessments, the nexus between core business objectives and cyber risk, and even how we talk about security internally and externally. This presentation explores these ripple effects and where they lead us: the positives, the negatives, and how security professionals, lawyers and organizations can manage them.

Learner Objectives

Have an understanding of the SEC's cyber security rule and enforcement activity.

Gain valuable insights on how to operationalize the SEC cyber rule and address issues raised by its enforcement activities, including with respect to incident response planning and cyber-related financial disclosures.

Become aware of the "ripple effects" coming out of the SEC's cyber-related regulatory activities, including how they impact the role, status and risk of security professionals, internal and external communications concerning information security, risk assessment and the nexus between core business objectives, corporate governance at the management and board levels, cyber extortionist strategies and incident response processes and business risk mitigation.