Summation of SEC Cybersecurity impacts on Public Companies
- Apr 15, 2022 3:14 pm GMT
This article from SEC Chair Gary Gensler contains some valuable insights into how public companies should consider preparing for SEC changes with regard to cybersecurity requirements. Here is a short excerpt from Secretary Gensler's guidance:
Adopting a heightened posture is a task that requires all of us. Last year, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), said that “cybersecurity is a team sport.” “Each and every one of us are a member of Team Cyber,” she said.
Folks from the private sector—the folks that many of you in the audience represent—are on Team Cyber’s front lines.
Given the SEC’s mission, and the evolving cybersecurity risk landscape, when considering work at the SEC, I think about it in three ways:
- cyber hygiene and preparedness;
- cyber incident reporting to the government; and
- in certain circumstances, disclosure to the public.
The basic bargain is this: Investors get to decide what risks they wish to take. Companies that are raising money from the public have an obligation to share information with investors on a regular basis.
Disclosure regimes evolve over the decades. Cybersecurity is an emerging risk with which public issuers increasingly must contend.
To this end, in March, the Commission proposed rules that would enhance issuers’ cybersecurity disclosures in two key ways.
First, it would require mandatory, ongoing disclosures on companies’ governance, risk management, and strategy with respect to cybersecurity risks. This would allow investors to assess these risks more effectively. For example, under the proposed rules, companies would disclose information such as:
- management’s and the board’s role and oversight of cybersecurity risks;
- whether companies have cybersecurity policies and procedures; and
- how cybersecurity risks and incidents are likely to impact the company’s financials.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.