Blog

SEC Amendments Make Cybersecurity Disclosure a Board-level Issue

To better understand what the SEC disclosure rules and the announced amendments mean for organizations, C-suite executives, and Board-level stakeholders, RadarFirst CEO Don India met with privacy, cyber, and risk experts to investigate why the SEC amendments make cybersecurity disclosure a Board-level issue.

The Power of Collaborative Incident Response

It’s easy to denounce silos and promote collaboration, but how does an organization actually go about enabling communication, compliance, and coordinated action across and between departments? Read more from Judy Titera, Independent Director, Consultant (former Chief Privacy Officer at USAA).

To Be Great Enterprise Risk Managers, CISOs Need to be Great Collaborators

To accurately identify, mitigate, and reduce risks across an organization—be they electronic or paper, malicious or non-malicious—key departments must share the burden of privacy incident response and privacy by design. Collaboration is key, as privacy, security, legal, and product teams effectively work together.

To Manage Enterprise Privacy Risks, CISOs Have to Measure It

When it comes to managing risk, CISOs must know what threatens the privacy and security of their organization’s sensitive data. That means having the ability to identify and measure all the risks lurking throughout the enterprise—no easy feat. Read more on successfully measuring and managing privacy risks in this blog.

Aligning Privacy and Security Incident Response

Privacy and security may have different terminology and short-term objectives, but their overarching mission is the same: to protect the organization and its stakeholders. With proactive relationship-building, ongoing communication to build awareness, and with integration to enable an efficient, collaborative workflow, both teams can achieve their individual and overarching goals better than either would alone.

SEC Cybersecurity Disclosure Rule

Effective on or after December 18, 2023, SEC regulators are requesting clear, documented evidence of how companies conduct cybersecurity materiality assessments and they’re leaving it up to each organization to define for themselves what constitutes material harm and which incidents rise to the level of disclosure.