Article
July 23, 2024
By Scott Radcliffe
Newly introduced SEC reporting requirements now compel publicly traded companies to report “material” cybersecurity incidents within four business days and outline related details on risk management and strategy in their 10K filings.
These new requirements are just one of many indications that governments are taking more public action when it comes to protecting data. Companies are now beginning to understand that the evaluation of their preparation and response may have as much reputational impact as the data breach itself.
Adding to the complexity is the quickly evolving regulatory environment in the U.S. that is likely to see further changes and court challenges in the wake of recent Supreme Court decisions.
With this increased SEC scrutiny, companies now need to up their game and will have to consider:
Beyond whether they have a response plan or not. Today, the quality of that response plan is even more critical.
This escalates the need to modernize the approach to response plans –
from crisis planning to investor relations. As quickly as the threat landscape is evolving and organizations themselves change, clients will need to make sure their response plans have adapted as well.
How (or if) their plan was rehearsed and reinforced through employee training.
Immersive and effective table-top training sessions and simulations help
practice established plans. To further increase effectiveness, it’s important to
plan and execute creative and engaging employee training campaigns that
ladder to those plans and priorities as well.
Public disclosure requirements in response to a data breach can represent just the beginning of the reputational risk companies face due to government regulations or actions following a data breach:
Disclosing a breach that’s had a material impact on business can lead to
subsequent action by government entities – and already has in many cases.
Such actions include public investigations and legislative hearings, presenting far greater reputational risk than the initial disclosure.
As governments face more pressure to act against cybercriminals and protect the data of their citizens, they are also taking additional – and more public – steps to hold companies that are compromised by data breaches accountable.
See what else is happening
You might also like
-
Expertise
Observations & Opportunities for Brands Tapping into the Summer Games
July 22, 2024
-
Expertise
Protecting Your Reputation When the Supply Chain Breaks
July 18, 2024
-
Expertise
Leaning into the Rise of Creator-Generated Content: Utilizing a Trend Lab
July 11, 2024
-
Expertise
Collision: Three Key Sports Opportunities for Brands
July 10, 2024
-
Expertise
Do You Still Need a Crisis Communications Playbook?
June 26, 2024
-
Expertise
Navigating the Evolving Cyber Threats Landscape: Strengthening Defense and Crisis Preparedness
June 20, 2024
-
Expertise
But First, Listen: Three Ways Femtech Brands Can Reach Women and Drive Change Through Communications
June 17, 2024
-
Expertise
Unveiling the Future: Insights into AI at Axios’ AI+ Summit in New York
June 11, 2024
-
Expertise
TikTokTech: At RSA Conference, AI Dominates the Security Conversation
June 4, 2024
