The CISO and the SEC

Beth Waller, Woods Rogers principal and chair of the Cybersecurity & Data Privacy practice, was recently a guest on the inaugural episode of Dark Reading Confidential, a podcast hosted by the editors of Dark Reading focused on real-world stories straight from the cyber trenches. Beth joined an impressive lineup of leaders in cybersecurity, including Reddit’s Frederick “Flee” Lee, CISO, and Ben Lee, Chief Legal Officer, and Dark Reading’s Editor-in-Chief Kelly Jackson Higgins, Senior Editor Becky Bracken, and Managing Editor of Commentary and Copy Jim Donahue.

The topic for the episode centered on the increasingly complicated relationship between the Securities and Exchange Commission (SEC) and the role that a Chief Information Security Officer (CISO) plays in publicly traded companies following a data incident. The industry finds itself in unchartered territory with CISOs in the hot seat following the July 2023 rules from the SEC requiring disclosure within four days of a “material incident or breach.”

Beth points out in the episode that CISOs are in stressful positions, having to respond to many stakeholders in the hours following an incident. “There’s a lot of risk and things that CISOs need to be thinking about. The SEC has zoned in on that and said, ‘Look, we need to see these disclosures not only in terms of the incident being disclosed right away but also in terms of your continuing obligation to tell us what it is that’s risky in your company.’”

With the new rules putting CISOs in the spotlight – and in two incidents recently, also in the headlines – it’s more important than ever for CISOs to take the lead on preparing an incident response plan, rehearsing it in real-time with all involved parties to address risks and identify key reporting requirements in the timeline post-incident.

The episode is available wherever you like to listen to your favorite podcasts or on Dark Reading’s website.