AuditBoard, the leading cloud-based platform transforming audit, risk, compliance, and ESG management, today announced the results of an in-depth study of the impact on businesses of the SEC Cybersecurity Disclosure Rules. The report, based on a survey of over 300 executives and security professionals across North America, finds the majority of respondents (81%) say the new U.S. Securities and Exchange Commission (SEC) cybersecurity disclosure ruling will substantially impact their business. Only half (54%) of those, however, report being highly confident in their organization's ability to comply with the disclosure ruling.
The SEC's new cybersecurity rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure went into effect on Dec. 15, 2023. These new rules mandate that publicly traded companies disclose significant cybersecurity incidents in a timely manner, along with the measures taken to address these threats. Since the final rules were announced in July 2023, companies have been preparing to meet the new requirements.
Mixed State of Organizational Readiness to Meet SEC Requirements
Overall, more than two-thirds of respondents (68%) say the new SEC cybersecurity disclosure overwhelms them. Today, only 2% of survey respondents have yet to start the process to comply with the new ruling. However, fully one-third of respondents are still in the early stages of this process.
The top reported challenges being faced as organizations work to comply with the SEC cybersecurity ruling are quantifying cybersecurity incidents (57%) and determining incident materiality (49%). Nearly half (47%) of those surveyed report that updating the disclosure process is also a top challenge.
Other key findings of the report include:
"Organizations have been planning for the new SEC cybersecurity disclosure rules for some time, but there is still much to be done," said Richard Marcus, Head of Information Security at AuditBoard. "Several points from the SEC's guidance suggest the need for an integrated view and collaboration, including: maintaining disclosure controls and procedures, emphasizing the role of boards of directors in overseeing cybersecurity risk management, having a robust incident response program in place, among others."
Report Methodology
To produce the Decode the New SEC Cybersecurity Disclosure Rules report, AuditBoard collected data from 314 respondents to an online survey conducted in January 2024 by Ascend2 Research. Respondents were security professionals in organizations based primarily in North America, representing a diverse group of industries and company sizes.
To see the full report, please visit AuditBoard.com.
About AuditBoard
AuditBoard is the leading cloud-based platform transforming audit, risk, compliance, and ESG compliance management. Nearly 50% of the Fortune 500 leverage AuditBoard to move their businesses forward with greater clarity and agility. AuditBoard is top-rated by customers on G2, Capterra, and Gartner Peer Insights, and was recently ranked for the fifth year in a row as one of the fastest-growing technology companies in North America by Deloitte. To learn more, visit: AuditBoard.com.
These press releases may also interest you
|