Preparing to Comply With New Cybersecurity Requirements
July 12, 2022
Recent high-profile cybersecurity incidents have affected large numbers of everyday citizens and have catapulted cybersecurity into the legislative and regulatory spotlight. The U.S. government — along with governments, regulatory agencies and companies around the world — has joined efforts to increase oversight of these incidents. Congress recently passed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) to require reporting of cyber incidents, and the Securities and Exchange Commission (SEC) has proposed a rule requiring publicly listed companies to report cybersecurity incidents to the SEC and disclose them to investors. Both requirements have important implications for risk management and legal compliance.
Although CIRCIA and SEC regulations target cyberincident reporting, reporting is only one component of a larger framework for cyberincident readiness, response and remediation. Companies preparing to comply with new regulations can segment their preparation into three stages: (1) determining their baseline existing cybersecurity reporting capabilities, (2) identifying gaps to meet reporting requirements and (3) developing a road map to fill existing gaps. We are entering a new era in cybersecurity — one in which oversight of cybersecurity incidents is increasing. Organizations can benefit from establishing or fine-tuning cybercrisis management programs to help them prepare for the increased regulatory requirements.