SEC Cybersecurity Disclosure Webinar
This webinar will examine the proposed Securities and Exchange Commission cybersecurity disclosure rule’s main components and outline what your organization can do right now.
March 22, 2022
It’s rare that we go a day without hearing about cybersecurity and resilience in one form or another. Maybe it’s a new form of ransomware that can exploit files, or a geopolitical issue that may cause a surge in threat activity. Perhaps it’s an unknowingly compromised third party, providing services to well-known (or not-so-well-known) entities, that captured personally identifiable information (PII). We can all think back over the last several weeks and probably recall several such events, if not more, whether or not we’re cybersecurity professionals.
With continual emphasis on the dynamic cybersecurity landscape, regulatory bodies have continued to provide frameworks, advice and guidelines for certain industries and activities being performed. Recent examples include the FDIC, OCC and Federal Reserve coming together for security incident reporting regulations for their covered entities in 2022. However, on March 9, the SEC issued a proposed rule that will apply to over 8,000 public and foreign SEC registrants focused on strengthening cybersecurity posture.
The proposed cybersecurity disclosure rule has three main components: incident disclosure, cybersecurity program disclosure and Board of Directors education disclosure.
Specifically, the proposal would:
- Require current reporting about material cybersecurity incidents on Form 8-K;
- Require periodic disclosures regarding, among other things:
  - A registrant’s policies and procedures to identify and manage cybersecurity risks;
  - Management’s role in implementing cybersecurity policies and procedures;
  - Board of directors’ cybersecurity expertise, if any, and its oversight of cybersecurity risk; and
  - Updates about previously reported material cybersecurity incidents; and
- Require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language (Inline XBRL).
Cybersecurity activities continue to be top of mind across industries. We have seen recent cybersecurity-centered proposals for registered investment advisors and funds, but the proposed SEC rule removes the industry lens and captures the ongoing importance of corporate governance and security awareness. For instance, the specific elements highlight the need for cybersecurity experience and training directly within the Board of Directors.
The proposed rules center on leading practices organizations should strive to achieve, even if not required by regulation to do so. The ruleset emphasizes scalable programs designed to integrate cybersecurity as an enabler, and while the details of the final rule may vary slightly, the principles of risk management, governance, resilience and attention to third parties are best practice areas for cybersecurity programs and can’t be ignored.
The time to act is now. Starting a programmatic approach today will drive readiness success when the disclosure rules become law. As the proposed rules are wide-ranging in coverage and include multiple facets of a cybersecurity program, waiting to start an integrated approach will require organizations to play catch-up across myriad areas, including:
As the trusted cybersecurity partner for many leading organizations, our goal is to quickly highlight these elements to drive awareness and promote cybersecurity across the enterprise. With these proposed rules impacting both financial reporting and operational activities, there has never been a more important time to elevate the cybersecurity conversation within your organization.
Optiv stands ready to help. Please don’t hesitate to contact us at firstname.lastname@example.org.
Optiv Security: Secure greatness.®
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.