A lesson from the SEC’s recent fine for not fully disclosing data breach details: ‘Be honest’

CISOs beware: the SEC is watching

“The teaching [of this latest ruling] is that the SEC is paying attention to this issue,” said Zukis, “so get your house in order according to the new rules.”

“The SEC is very patient with new rules,” he added. But, he said, “there is a huge amount of non-compliance with the new rules. The companies did not disclose the significant impact of the incident on their current filings under the new rules. So focus on your processes, get your documents and disclose [information in filings] honestly.”

“This is not rocket science,” he said, “but it requires consistency and maturity in processes. The SEC will catch you if you play fast and loose with these rules. If your documentation [of cyber incidents] is not consistent, you don’t have the process of adults … it’s not about making it right or wrong. It is about showing that you have matured in a certain way as a board of directors and governance to consistently apply some discretion and rigor to the process.”
