SEC Cyber Risk Disclosures: What Companies Need to Know
McGladrey of Hyperproof on Impact of and Best Practices for Cyber Risk Reporting
Companies are significantly expanding their SEC cyber risk disclosures as they aim to demonstrate their cybersecurity efforts, instill market confidence and potentially improve stock prices, according to Kayne McGladrey, field CISO, Hyperproof.
Cyber risk disclosures vary significantly by industry, McGladrey said, and operative builders frequently mention cybersecurity frameworks, while special purpose acquisition companies, or SPACs, often state that they have no cybersecurity measures due to their nature.
"If I was a ransomware threat actor, I'd look at what their bank accounts look like right now, because they're saying publicly they don't do cybersecurity. I can't imagine the SEC is looking favorably on that," he said.
In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit, McGladrey also discussed:
- Why companies should use tools and software to collect and automatically gather evidence of compliance;
- The consequences of false cyber risk disclosures;
- The impact that SEC requirements have on private companies and supply chains.
McGladrey has more than 20 years of leadership experience in companies such as AT&T and Pensar Development. He serves as an advisory board member for several universities and organizations.