Connect with us

Hi, what are you looking for?

Business

SEC’s Division of Corporation and incident disclosure: Too little, too late?

The SEC’s initial rule on materiality sparked confusion and excessive disclosure from public companies.

Wall Street: — © Digital Journal.
Wall Street: — © Digital Journal.

In the U.S., the director of the Securities and Exchange Commission’s (SEC) Division of Corporation Finance issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.

Following this news, Digital Journal heard from Mike Lyborg, CISO at  Swimlane to consider the implications for the technology community.

Lyborg begins by assessing the communications wave that has been running through the tech sector following the announcement: “The SEC’s initial rule on materiality sparked confusion and excessive disclosure from public companies, prompting a course correction with a new statement from the Division of Corporation Finance.”

As to the implications, Lyborg thinks: “This demonstrates a commitment to refine the rule,  balancing transparency with investor relations and risk management concerns. This rings especially true as 56 percent of companies point to the potential impact on future financial performance as the top factor influencing their assessment of material incidents.”

There are benefits yet issues also remain, observes Lyborg: “While this focus on iterative improvement is commendable, challenges remain. A lack of standardized materiality assessment protocols and maturing risk management practices within companies raise questions about effectively gauging the long-term impact  of cyber incidents.”

This comes down to a confusion between the concepts of regulatory compliance and balanced risk assessment, as Lyborg notes: “It’s crucial to distinguish between compliance and proactive risk management. We’ve seen the “check-the-box” approach fall short time and time again. The SEC’s adjustments seem aimed at preventing investor complacency about cyber threats, but time  is needed for investors to fully understand and utilize this information.”

This means ongoing concerns remain: “The core issue persists: companies struggle to assess materiality under tight deadlines, leading to hasty and potentially incomplete disclosures. Prioritizing robust risk management, supported by thorough evidence collection, is key. This empowers  companies to make informed reporting decisions, regardless of the timeframe.”

In calling for a clearer narrative, Lyborg recommends: “The SEC’s evolving stance acknowledges the need to strike a balance between transparency and investor confidence. Though challenges remain, particularly with materiality assessments, the commitment to continuous improvement signifies a positive step  forward in cybersecurity regulation.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Education bosses in Los Angeles voted Tuesday to work towards a complete ban on the use of smartphones in the city's schools.

Business

Asian markets drifted Thursday as investors try to gauge the outlook for US interest rates.

Business

Whether it’s the timeless class of Harry Kane’s Bentley Continental or the sporty style of Kyle Walker’s Lamborghini Huracan.

Life

These data show an overall trend in fewer miles before a collision globally, suggesting the need for a renewed focus on safety.