New SEC Rules Mandate Cybersecurity Disclosure
March 22, 2022
The Securities and Exchange Commission (SEC) recently published a proposed ruleset that will require virtually all SEC registrants to provide a series of cybersecurity disclosures within mandated annual and quarterly reporting. These disclosure items, which will appear within the 10-K and 10-Q, are focused on three areas: cyber incident management, cybersecurity program governance and risk management, and Board of Directors cybersecurity education and cyber governance involvement.
What Is The Proposed SEC Cybersecurity Disclosure Rule and Why Is It Important?
It’s rare that we go a day without hearing about cybersecurity and resilience in one form or fashion. Maybe it’s a new form of ransomware that can exploit files, or a geopolitical issue that may cause a surge in threat activity. Perhaps it’s an unknowingly compromised third party providing services to well-known (or not-so-well-known) entities that captured personally identifiable information (PII). We can all think back over the last several weeks and probably recall several such events, if not more, whether or not we’re cybersecurity professionals.
With continual emphasis on the dynamic cybersecurity landscape, regulatory bodies have continued to provide frameworks, advice and guidelines for certain industries and activities being performed. Recent examples include the FDIC, OCC and Federal Reserve coming together on security incident reporting regulations for their covered entities in 2022. However, on March 9, the SEC issued a proposed rule that will apply to over 8,000 public and foreign SEC registrants focused on strengthening cybersecurity posture.
The proposed cybersecurity disclosure rule has three main components: incident disclosure, cybersecurity program disclosure and Board of Directors education disclosure. Specifically, the proposal would:
- Require current reporting about material cybersecurity incidents on Form 8-K;
- Require periodic disclosures regarding, among other things:
  - A registrant’s policies and procedures to identify and manage cybersecurity risks;
  - Management’s role in implementing cybersecurity policies and procedures;
  - Board of directors’ cybersecurity expertise, if any, and its oversight of cybersecurity risk; and
  - Updates about previously reported material cybersecurity incidents; and
- Require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language (Inline XBRL).
Our Perspective
Cybersecurity activities continue to be top of mind across industries. We have seen recent cybersecurity-centered proposals for registered investment advisors and funds, but the proposed SEC rule removes the industry lens and captures the ongoing importance of corporate governance and security awareness. For instance, the specific elements highlight the need for cybersecurity experience and training directly within the Board of Directors.
The proposed rules center on leading practices organizations should strive to achieve, even if not required by regulation to do so. The ruleset emphasizes scalable programs designed to integrate cybersecurity as an enabler, and while the details of the final rule may vary slightly, the principles of risk management, governance, resilience and attention to third parties are best practice areas for cybersecurity programs and can’t be ignored.
The time to act is now. Starting a programmatic approach today will drive readiness success when the disclosure rules become law.
As the proposed rules are wide-ranging in coverage and include multiple facets of a cybersecurity program, waiting to start an integrated approach will require organizations to play catch-up across myriad areas, including:
- Cybersecurity risk assessment policies, procedures and outcomes
- Third-party vendor management, including analysis of risk frameworks, which must be embedded within company policies and procedures to identify the cybersecurity risks associated with the use of third parties
- Actions undertaken to prevent, detect and minimize effects of cybersecurity incidents
- Business resilience activities, including incident response
- Understanding the feedback loop to leverage prior information and incidents to enhance the overall cybersecurity program (people, process, technology and analytics)
- Integration of cybersecurity risk management within the enterprise strategy
As the trusted cybersecurity partner for many leading organizations, our goal is to quickly highlight these elements to drive awareness and promote cybersecurity across the enterprise. With these proposed rules impacting both financial reporting and operational activities, there has never been a more important time to elevate the cybersecurity conversation within your organization. Optiv stands ready to help. Please don’t hesitate to contact us at info@optiv.com.
By: Adam Wisnieski
Director, Strategy & Transformation | Optiv
Adam is responsible for development and delivery of cybersecurity programs and integrated risk management services to Optiv clients. His years of global risk management, technology and process consulting experience help develop realistic, well-grounded cybersecurity programs that span operational, cybersecurity, regulatory, financial and strategic risk elements.
Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry.
We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.