Will Smaller Companies Buckle Under the SEC's New Requirements?

Even though the new incident reporting rules create pressure, they serve as a forcing function for building a strong security foundation.

Dark Reading, Staff & Contributors

July 18, 2024


The Securities and Exchange Commission's (SEC's) new incident reporting requirements have raised many questions and concerns among security professionals and government bodies.

One argument is that the requirements are duplicative of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and will create more work for already resource-constrained cybersecurity teams. 

Another is that four days is too early to determine the impact, and that publicly disclosing sensitive breach information on the heels of a breach could attract bad actors to exploit the vulnerability before it's fixed.

Opinions and speculation aside, the challenges are real: 

  • Data today flows across many companies, systems, and subsidiaries, making the task of distinguishing between victims and perpetrators incredibly difficult.

  • Determining what "may be material to investors" isn't always obvious and will require administrative work to figure out.

  • Establishing communication with business-level executives and the board will become more critical, requiring further education and training.

This is a herculean task for a large company with a chief information security officer (CISO) and a full security operations center (SOC) team; now imagine what it will be like for smaller companies with fewer resources.
