Want to know about Cyber Security Rules that are being announced for public limited. Cybersecurity isn’t just about protecting information and communications systems from hackers. It is also a process of preventing damage to, and unauthorized use or modification of, those same resources, and of making use of them safely so they can be used securely going forward.
As noted by the U.S. Securities and Exchange Commission (“SEC”) in 2018, in a world more and more interconnected digitally, cybersecurity presents ongoing risks to companies operating in all industries, including public companies regulated by the SEC.
It is important to consider the risks and events that a reasonable investor would find significant in making their investment decision. The ever-growing field of cybersecurity presents an additional element that must be understood by all businesses, regardless of whether they are public or private entities.
Cyber Security Rules 2022: What needs to be done by the Companies?
Complying with the new rules will require companies to report certain cybersecurity incidents on a Form 8-K within four days of determining that they are material and at periodic intervals thereafter.
- Policies and procedures to manage cybersecurity risks
- Management’s role in implementing cybersecurity policies and procedures
- Cybersecurity expertise of the board of directors, if any, and its oversight of cybersecurity risk, and
- Updates to previously reported material cybersecurity incidents.
The changes to reporting requirements for cybersecurity incidents and previously undisclosed immaterial incidents will provide investors with more information about these events. Companies should be prepared for the short, four-day disclosure requirement and ensure an effective reporting procedure.
Concluding What Needs to be Done
First, public companies should review their risk management policies and procedures to ensure that comprehensive cybersecurity risk management is included and up to date, given the rapidly evolving nature of the risk. Second, companies must also consider the role of the board of directors. The Board, or a Board committee, should have formal oversight of cybersecurity management. And third, companies must consider whether, given the individual nature of the business and its level of exposure, it is appropriate to add cybersecurity expertise to the Board.