Logical Advice for CISOs on the SEC Cybersecurity Regulations Webcast Wrap-Up

On Monday, I was thrilled to host an informative webinar Logical Advice for CISOs on the SEC Cybersecurity Regulations. I want to thank our guests Richard Watson, Global Cybersecurity Consulting Leader at EY, Marlene Allison, former CISO at Johnson & Johnson and Gaurav Banga, Founder and CEO at Balbix for their keen insights and lively, informative discussion on the challenges posed by SEC cybersecurity regulations. The recording is available here.

Who was on the webinar:

Our attendees were primarily executive and senior management leaders, CEOs, CTOs, CISOs, and SVPs from US public companies. A significant portion of the participants came from Fortune 1000 companies across multiple industries, highlighting the importance and relevance of SEC regulations to leaders across the board.

Observations:

At the beginning of the webcast we conducted a poll asking What is top of mind on SEC cyber regulations for you? Results were evenly split between Disclosing cyber risk management on Form 10-Ks, Executing board oversight on governance and Developing a materiality determination framework. This indicated a broad realization of the importance of determining materiality and its impact on both providing accurate 10-K responses and reporting cyber risk posture and budgetary needs to the board with confidence.

Overall, there were five key takeaways from the session:

1. Determining what should be disclosed and how to handle materiality in SEC reporting decisions is a key challenge for CISOs: Organizations, especially public companies, need to disclose the material risks they face in their financial reports (like 10-K filings). As a result, materiality determinations are increasingly debated and decided at the executive and board level, which emphasizes the need for CISOs to build clear processes and transparency in handling these debates and decisions.
2. Risk quantification is a crucial tool in quick materiality determination: There are numerous challenges in effectively responding to 10-K filings and executive/board reporting, including the need to involve finance teams, understand the overall impact on the business, and develop mitigation strategies. Automatically quantifying risk makes these discussions and determinations much more accurate, quicker, and easier.
3. Automation and AI are essential tools for modern cybersecurity risk management: Automation and AI enable organizations to more accurately determine their network configurations and assets, identify vulnerabilities, and make more informed decisions regarding material risks.
4. SEC regulations have seriously impacted cybersecurity spending: New SEC regulations have prompted organizations to reevaluate their cybersecurity strategies. These regulations have been a catalyst in forcing organizations to formalize cybersecurity practices and encouraging organizations to invest in mitigating risks.
5. CISOs must take a risk-based approach to cybersecurity funding: A risk-based approach to cybersecurity is critical since there is a misalignment between risk appetite and available funding. By accurately determining risk and quantifying it, CISOs can better justify budget and resource increases with confidence.

What’s next:

If you want to learn more, sign up for a 30-minute demo of the Balbix’s platform and learn how you can quickly respond to SEC reporting requirements and justify your cybersecurity strategy and budget with confidence.