Finance & Banking , Industry Specific , Next-Generation Technologies & Secure Development

SEC Cyber Risk Disclosures: What Companies Need to Know

McGladrey of Hyperproof on Impact of and Best Practices for Cyber Risk Reporting
Kayne McGladrey, field CISO, Hyperproof

Companies are significantly expanding their SEC cyber risk disclosures as they aim to demonstrate their cybersecurity efforts, instill market confidence and potentially improve stock prices, according to Kayne McGladrey, field CISO, Hyperproof.

See Also: OnDemand | CISO Leadership Blueprint to Managing Budgets, Third-Party Risks & Breaches

Cyber risk disclosures vary significantly by industry, McGladrey said, and operative builders frequently mention cybersecurity frameworks, while special purpose acquisition companies, or SPACs, often state that they have no cybersecurity measures due to their nature.

"If I was a ransomware threat actor, I'd look at what their bank accounts look like right now, because they're saying publicly they don't do cybersecurity. I can't imagine the SEC is looking favorably on that," he said.

In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit, McGladrey also discussed:

  • Why companies should use tools and software to collect and automatically gather evidence of compliance;
  • The consequences of false cyber risk disclosures;
  • The impact that SEC requirements have on private companies and supply chains.

McGladrey has more than 20 years of leadership experience in companies such as AT&T and Pensar Development. He serves as an advisory board member for several universities and organizations.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.