Return to blog Cybersecurity Regulation Updates, Cybersecurity, Ransomware Protection
March 6, 2023 | By christa

Prepare For Upcoming Cybersecurity Regulations

By law, all publicly traded corporations must inform the SEC if there has been a security incident or breach. However, a 2022 press release detailed that the SEC is modifying and tightening its cybersecurity regulations and disclosure requirements so that companies can implement procedures to more rapidly and adequately disclose events, risk management plans, and Board of Director monitoring. We expect to see these new regulations in the first half of 2023. Keep reading to learn what this means for your company and Board of Directors.

What Are The New Cybersecurity Regulations?

These new regulations aim to alert investors and the general public to attacks on public organizations and corporations. The proposed changes to the regulations state that companies will be required to do the following:

  • Notify the SEC of any “significant cybersecurity incidents” within four days
  • Notify the SEC of insignificant events that, when joined with other events, become significant
  • Update the SEC about previous incidents in periodic SEC disclosures
  • Detail the company’s approach to managing cybersecurity risks
  • Explain how the Board of Directors monitors cyber threats
  • Provide transparency about the Board’s knowledge and expertise in cybersecurity

What Does This Change Mean For The Board of Directors?

Simply stated, these new regulations will  subject businesses and their top executives to stricter regulations and oversight. Under the new rules, businesses must implement and keep up with reasonable cybersecurity practices, detail those practices in public filings, explain how their senior leadership effectively oversees those programs, and report cybersecurity incidents in a way that provides appropriate information to shareholders and the general public.

The Board must ensure that it is ready to supervise the company’s cybersecurity regulation and risk management policies and procedures in light of the increased oversight responsibilities being placed on it.

Next Step Preparations

So what can businesses and their Boards of Directors do to prepare for these cybersecurity regulation changes? Here are a few steps you can take now:

Review cybersecurity and risk management policies and procedures

Companies should review their cybersecurity policies to ensure adequate disclosure controls and processes, including communication between teams involved in cybersecurity and incident response procedures. These systems can take time to update, so start thinking about changes that will need to be made today.

Consider the role of the Board of Directors

The Board must prepare to supervise the company’s cybersecurity and risk management policies and processes due to increasing oversight responsibilities. Consider the board’s information sources and the frequency of discussions about the company’s cyber risks. Decide if the complete Board or a subset of the Board will oversee the monitoring of cyber threats, and make sure they understand and approve of the company’s rules and procedures. With stricter reporting rules, you’ll also want to ensure that the Board is educated on the company’s incident response plan.

LeadingIT Can Help

Although the new SEC cybersecurity rules are important, they are complex and difficult to understand, execute, and comply with. Our team is here to help you prepare for the new regulations. To lessen the possibility of ransomware, phishing, and other cyberattacks, our team can assist in auditing and modifying your cybersecurity policies and processes and provide assistance and training in detecting, responding to, and disclosing breaches. With our help, you can maintain compliance with SEC regulations and protect your business from cybercrime.

LeadingIT offers 24/7, all-inclusive, fast and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 20-200 employees across the Chicagoland area.

Do you need cybersecurity support to protect your business? Leave a message for us and we will get back to you right away.



Let Us Be Your Guide In Cybersecurity Protections
And IT Support With Our All-Inclusive Model.

Meet with us