Breach Notification, Security Operations, Standards, Regulations & Compliance

New SEC Regulations Shape Cybersecurity Reporting Standards

Paul Kurtz of Splunk on Changes to Breach Reporting, Accountability
Paul Kurtz, field CTO, Splunk

New Securities and Exchange Commission regulations mandate that publicly traded companies disclose material cybersecurity events and outline their cybersecurity strategies in 10-K filings. But the clarity around when companies need to report cybersecurity events rests with the board, said Paul Kurtz, field CTO of Splunk.


"It's not so much the CISO making the call, but it's the board deciding if whatever has occurred would have a material impact on an investor," he said. The 10-K financial report will now also include specific disclosures about a company's approach to protecting its digital assets. It "relays what the cybersecurity strategy is for the company."

"If company X has said, 'This is our strategy,' and it turns out that they weren't implementing that strategy, it can pose a problem for the company in question. It raises the level of expectations for security overall," he said.

In this video interview with Information Security Media Group at the Fraud, Security and Risk Management Summit, Kurtz discussed:

  • The impact of the new SEC rules on publicly traded companies;
  • Why the new SEC guidelines focus on both transparency and accountability;
  • Advice for a less-resourced organization that doesn't have a mature cyber posture.

Kurtz has led organizations involved in the most pressing national security issues, including counter-terrorism, weapons nonproliferation, critical infrastructure protection and cybersecurity. His management experience spans government, nonprofits and the private sector.


About the Author

Chris Riotta


Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.



