Friday, 24 April 2015

RSA 2015: Experts talk investor interest in cyber security, regulatory changes on horizon

Smeeta Ramarathnam, the Chief of Staff to SEC Commissioner Luis Aguilar, told a group of security and legal experts in San Francisco that the Securities and Exchange Commission (SEC) is about to enter a “time of great change” as it pertains to regulation for disclosing cyber security incidents.

During a Thursday morning panel at RSA Conference 2015, called “Full Disclosure: What Companies Should Tell Investors about Cyber Incidents,” Ramarathnam and Jonas Kron, director of shareholder advocacy with Trillium Asset Management, discussed boards of directors’ growing concerns and sense of responsibility in the face of high-profile breaches, which will indelibly engage investors’ attentions.

“Hardly a day goes by without another breach being reported,” Ramarathnam said, explaining that the SEC is tasked with formally overseeing security incidents or issues that would impact the integrity of market systems, customer data protection and disclosure of material information.

While the SEC’s Division of Corporation Finance published guidance in 2011 to make companies aware of the agency’s views on what needs to be reported as far as material information disclosure related to cyber incidents, Ramarathnam noted that the guidance provided context for current SEC rules, but no new regulatory obligations for organizations.

Ramarathnam added that the SEC is currently aiming to improve its inspections and investigations by leveraging data analytics more often, not just in cyber security incidents, but for regulatory matters in general.

At the panel, Trillium’s Kron also gave pointed insight on how investors’ interests are often diversified, meaning they’ve invested in multiple companies and so are interested in how the larger market (and not one sector or firm) will be impacted by evolving cyber threats.

Though investors want to be assured that adequate security measures and response efforts are in place at companies they hold stake in, they typically aren’t expecting to receive granular information on day-to-day activities or threat alerts, Kron explained.

“In some ways, what we want is good information, not fast information,” Kron said of investors.

Read More Source: http://ift.tt/1yUuica


