May 1 marks the compliance date for the banking agencies’ cyber incident notification rule. Public companies are within the comment period for the SEC cyber proposal. Warnings from the Administration on potential cyber threats continue to abound.
What are companies doing? They are quickly assessing and operationalizing how they can continuously enhance cyber risk management, governance, and reporting/disclosures preparedness in anticipation of potential increases in financial and non-financial cyber reporting.
Our point of view, Enhancing the cybersecurity risk framework: Driving cyber to pre-assurance readiness, compares regulatory issuances across the banking agencies, the SEC, NYDFS, FinCEN, and related privacy regulations, including the CCPA/CPRA and GDPR, and outlines key actions companies can take in preparation for improving the effectiveness of their cybersecurity risk framework.