Enhancing the cybersecurity risk framework

Driving cyber to pre-assurance readiness

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100

Matthew P. Miller

Principal, Advisory, Cyber Security Services, KPMG US


May 1 marks the compliance date for the banking agencies’ cyber incident notification rule. Public companies are within the comment period for the SEC cyber proposal. Warnings from the Administration on potential cyber threats continue to abound.

What are companies doing? They are quickly assessing and operationalizing how they can continuously enhance cyber risk management, governance, and reporting/disclosures preparedness in anticipation of potential increases in financial and non-financial cyber reporting.

Our point of view, Enhancing the cybersecurity risk framework: Driving cyber to pre-assurance readiness, compares regulatory issuances across the banking agencies, the SEC, NYDFS, FinCEN, and related privacy regulations, including the CCPA/CPRA and GDPR, and outlines key actions companies can take in preparation for improving the effectiveness of their cybersecurity risk framework.
