July 18, 2022
Gone are the days when cybersecurity was just an information technology (IT) problem. Cyber risk is central to business risk, making it a board-level issue. For the first time, a proposed rule set from the US Securities and Exchange Commission (SEC) will require virtually all commission registrants to provide a series of cybersecurity disclosures within mandated annual and quarterly reporting. This decision is a nod to the importance of cybersecurity standards and what investors need to know to make an informed decision.
There have been several cybersecurity-centered proposals for registered investment advisors and funds of late, including the Cybersecurity Disclosure Act of 2017, the Strengthening of America Cybersecurity Act in March 2022, and the Better Cybercrime Metrics Act that just passed last month. This proposed rule drives standardization around reporting and around what constitutes an incident or a breach, which is essential to safeguarding business against attackers.
Specifically, the SEC’s proposed rules will:
Note the importance the rule set places on board directors. By mandating cybersecurity information disclosure via the 10-K, there’s a big focus on oversight and “management’s role and expertise in assessing and managing cybersecurity risk and implementing the registrant’s cybersecurity policies, procedures, and strategies.”
The SEC is finally driving standards to help establish the critical role of corporate governance in security across all sectors. With the proposal focusing on themes of cyber risk, governance structure, and metrics and analytics to fuel oversight, here are some questions you should be asking now to ensure readiness for the forthcoming rule:
On Governance Structure
On Metrics and Analytics
Will the rule set come to pass? Yes, in this writer’s humble opinion. I recommend we treat the proposed rule as a coming mandatory regulation and start preparing now. Cybersecurity should be looked at as an enabler of any company’s growth and digital transformation strategy, with cyber resilience critical to a company’s future success. While the details of the final rule may vary slightly, the principles of risk management, governance, resilience, and attention to third-party risk are and will remain best practice areas for cybersecurity programs.
In addition, penalties for violations will likely be steep. Recent SEC examples of penalties for smaller-scale control failures are numerous and total well over $1 million in fines. Additionally, as the proposed rules are tied to annual investor reports, failure to adhere to them will also impact an organization’s brand and reputation and can skew investment and credit ratings.
The bottom line is that cybersecurity must encompass an entire organization from the boardroom to the mailroom to be effective against the increasingly sophisticated threats we’re seeing today and will continue to see in the future. The SEC’s proposed rules are an important step in securing corporate registrants’ success.
This article originally appeared on the NACD BoardTalk blog. Reprinted with permission. https://blog.nacdonline.org/posts/sec-cybersecurity-board-accountability