Breach Notification , Incident & Breach Response , Security Operations
What New SEC Reporting Rules Mean for Less-Regulated Firms
Snyk CEO on Why Publicly Traded Entities Need Better Security PracticesThe new U.S. reporting requirements will force publicly-traded companies in industries outside of financial services with fewer regulations to improve their security practices.
See Also: The CIS Security Operations Center (SOC)
Snyk CEO Peter McKay said public companies in possession of credit card numbers or other personal identifiable information must level up since they now need to document their process for assessing, identifying and managing risk. In addition, AI-driven initiatives have created greater regulatory exposure and risk than these companies had a year or two ago, given the centrality of data to their AI efforts (see: Snyk CEO Peter McKay on Making Defense Easier for Developers).
"Financial services was the tip of the spear for a lot of the cyber, and now you're seeing a lot of catch-up," McKay said. "Now, you're seeing the long tail of lowly regulated companies. That baseline, that bottom - the minimum viable security - has just looped up for everybody."
In this video interview with Information Security Media Group, McKay also discussed:
- The impact of the SEC's new incident disclosure rules on developers;
- What the new SEC rules mean for private firms, federal agencies;
- The security risks associated with adopting generative AI and LLMs.
McKay has led Snyk since June 2019. Prior to that, he spent two and a half years as co-CEO and president of backup and data management platform Veeam. Before that, McKay spent three and a half years leading desktop-as-a-service company Desktone and spearheading its acquisition by VMware, where he ran the virtualization giant's $3.7 billion Americas business. Prior to joining Desktone, McKay spent nearly eight years leading web application security vendor Watchfire, which was acquired by IBM in June 2007.