The recent cybersecurity regulations from the SEC have brought significant changes for Chief Information Security Officers (CISOs). Their responsibility is to disclose cyber risks and incidents in their 10-Ks and 8-Ks. Although the SEC’s recent enforcement actions may suggest it is the right thing to do, it can be challenging to disclose cyber risk without exposing potential weaknesses and security gaps.
Ultimately, every CISO wants a way forward to enable them to safely disclose cyber risk and protect them from the SEC’s scrutiny.
Join Richard Watson from EY and Marene Allison, Former CISO of Johnson and Johnson who advise hundreds of CEOs, CISOs, and CFOs on cyber risk and SEC regulations. Accompanying them will be Gaurav Banga, the founder and CEO of Balbix, a leader in AI-powered cyber risk management.
Key areas of their discussion:
- Who is responsible and accountable for complying with the SEC regulations?
- How are firms planning to determine materiality?
- What role does cyber risk quantification play in determining materiality?
- What should companies put in their 10-Ks?
- How is the safe harbor going to/not going to help?