It’s often said that regulations can’t keep up with the pace at which technology changes—but that doesn’t mean the regulators and organizations that design them aren’t trying their hardest. In fact, the societal ripple effects of more frequent and increasingly damaging cyberattacks and data breaches, along with a series of high-profile incidents of platform misuse, have seen the regulatory hammer begin to fall — hard.
Since just about every company is powered by software and technology these days, this has made cybersecurity a top priority for organizations everywhere. That’s putting a lot of pressure on cybersecurity leaders to level up their governance, risk, and compliance programs.
Here are five looming cybersecurity regulations — from the state level all the way up to the global level — that cyber risk leaders should start preparing for right now:
1. Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
In March 2022, the U.S. SEC issued the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure requirements. This proposed regulation would apply to public companies, so be on the lookout if you recently IPO’d.
Under this SEC requirement, public companies must share their governance abilities for cybersecurity, including:
- Which board members have cybersecurity expertise
- The processes they have in place to educate their board on cyber risks
- How their business strategy addresses cyber risks
- Ensuring they can report cybersecurity incidents within four business days of discovering them
- How they’re sharing updates on reported cybersecurity incidents
These requirements primarily target the boards of publicly-traded companies, but