https://www.eventbrite.com/e/denver-issa-privacy-special-interest-group-tickets-743884798457
Speakers:
Doug Brush, Cyber Resilience and Data Governance Expert
David Navetta, Partner, Cyber/Data/Privacy at Cooley LLP
Abstract:
Securities and Exchange Commission Chair Gary Gensler said, "Whether a company loses a factory in a fire, or millions of files in a cybersecurity incident, it may be material to investors" upon adopting a new SEC rule on July 26, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure by public companies. This rule, referred to as the Sarbanes-Oxley for information security and data protection, will force cyber risk management from the server room to the board room and change the industry.
Cybersecurity has been an IT function for decades, often thought of in hindsight after a data security or cyber incident without financial impacts on publicly traded companies in the form of material losses that would have regulatory, legal, or financial repercussions for organizations and their leadership. The new SEC rule will force an approach to duty-of-care obligations on reasonable cybersecurity standards that currently exist for directors and officers in other areas of corporate governance. Failure to comply with these rules will have severe career and financial impacts on executives.
In this presentation, we will cover the critical points of the new SEC ruling, what you need to do before and after its December 18, 2023, effective date, how it impacts current approaches to cybersecurity and data governance and the potential risks for rule violations.