Bolstering Cybersecurity: The SEC’s Focus on Cyber Reporting

Mitratech Holdings, Inc
[author: Javier Gutierrez]

The Securities and Exchange Commission (SEC) announced last year that it would be working on proposed new rules on cyber risk management, strategy, governance and incident disclosure by public companies. By the end of 2023, it will most likely announce its finalized cybersecurity proposal.

The amendments put a particular focus on cybersecurity reporting as well as the organization’s policies and procedures to identify and manage cyber risks. Furthermore, they also take a deep dive into the board of directors’ oversight of cyber risks and its subject-matter knowledge of cyber risk management.

Read our article: Cyber Resilience | From Third-Party to Cyber Risk Management to learn why, despite being perceived as a critical area of importance within the organization, oftentimes there are major weak points within the cyber risk management processes of many businesses.

No matter how big or small the organization, this is as good a time as any to review and improve cybersecurity processes and elevate cyber risk management capabilities.

The proposed amendments should not come as any surprise, given that regulators have been suggesting for quite some time now that organizations add cybersecurity subject-matter experts to the Board. Moreover, the amendments aim to inform investors about the cyber risk management, cyber resilience strategy and governance practices of the business, as well as provide relevant information related to cybersecurity incidents.

Transforming Your Cybersecurity Practices

The digital transformation of businesses has significantly expanded their cyber attack surface. Technology is a key partner that delivers powerful value creation across business processes.

More technology means more data, more third-parties, more tools.

As organizations improve their processes with technology, it’s important to fully understand the operational resilience objectives and potential cyber risks that an organization may face. Gaining full visibility of the entire cyber risk landscape is crucial to make risk-aware decisions.

After all, cybersecurity interconnects nearly every core business process and is crucial to ensure business continuity. 

Keep in mind the following points when looking to transform your cybersecurity practices:

IT Infrastructure

A complete register of the organization’s technology assets is essential. This marks the starting point for any cybersecurity framework.

Protection Measures

Develop specific measures to put in place in different scenarios, as part of an operational resilience framework.

Regulatory Compliance

Follow the specific regulatory requirements on cyber risk management that impact your organization.

Third-Party Risk Management

At this point, there should be a Third-Party Risk Management (TPRM) program within every organization. It is important to keep in mind that working with any third-party comes with an inherent risk that must be analyzed.

Risk-Aware Culture

Lastly, training and awareness. Technology, processes and people go hand in hand: train your teams to make well-informed decisions by creating a risk-aware culture within the organization.
