Most experts agree that, regardless of the lawsuit’s outcome, it could affect how companies handle cybersecurity risks.
In July, the agency adopted new cybersecurity disclosure requirements set to take effect in December.
They require companies to report material attacks within four days and to make yearly disclosures about their cybersecurity risk management, strategy and governance.
In a June speech, the S.E.C.’s enforcement director, Gurbir Grewal, said it had “zero tolerance for gamesmanship” around cybersecurity disclosures.
No CISO can now risk basically painting an unrealistically positive picture of cybersecurity.”
Persons:
Gurbir Grewal, ” Wolff, ‘, Ramakrishna, it’ll, ”, Jake Williams, CISOs
Organizations:
cybersecurity