SEC Cybersecurity Regulations: Show Your Work Policy and Its Impact on Publicly Traded Companies

On July 26, 2023, the Securities and Exchange Commission (SEC) passed cybersecurity regulations for publicly traded companies, marking a significant shift in the cybersecurity regulation landscape. This was revealed by SEC Commissioner Jaime Lizárraga at an open meeting.

A sobering statistic shared by Commissioner Lizárraga is that 83 percent of companies experienced more than one data breach last year alone, with the cost averaging $9.44 million per breach in the U.S. Alarmingly, data breaches have seen a 600 percent increase over the last decade, leading to substantial costs across the U.S.

These new regulations, therefore, are a crucial move by the SEC to try to bring these numbers down. The rules revolve around a concept known as ‘Show Your Work,’ essentially pushing companies to document their Materiality Analysis as per the guidelines provided by the National Institute of Standards and Technology’s Federal Information Processing Standards (NIST FIPS 199).

The rationale is that detailed documentation of these analyses can go a long way not just in preventing future breaches but also in helping contain and mitigate the fallout should they occur. Beyond the obvious cybersecurity concerns, complying with these new regulations will be a vital concern for publicly traded companies that want to avoid regulatory violations.

As the latest evolution in the regulatory approach towards cybersecurity, it remains to be seen how effective these new measures will be, especially given the ever-increasing sophistication of cyber threats.

For more information on the new SEC regulations and their impact, you can refer to the full document here.