SC Media: New SEC cybersecurity reporting mandates put more pressure on investment firms
Under the SEC’s recent proposals, certain financial firms and listed companies must report cyberattacks to their regulators, create detailed plans for responding to hacks and explain how they manage cybersecurity at all levels. Many industry experts believe this new proposed rule will support financial firms’ ability to fend off cyberattacks.
“The proposed new rule by the SEC, which would require public organizations to disclose cyberattacks within four days, will ensure that organizations are transparent when it comes to disclosing breaches,” said Dr. Francis Gaffney, director for threat intelligence and response for Mimecast. “And it should also help their leaders place more importance on cyber resilience.”
“Cyberattacks are on the rise, and it is often a question of when, not if, one will occur,” Gaffney said. “It is vital business leaders have adequate, multi-layered cybersecurity measures in place as well as a well-rehearsed cyber resilience response plan. Cybersecurity awareness training for their staff that is frequent and engaging also is a crucial defense against cyberattacks.”