Elizabeth E. McGinn quoted in Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 10-K disclosure mandates”
The Cybersecurity Law Report article, “SEC cyber rules: How to prepare for the new 10-K disclosure mandates,” examined the second of two SEC proposed cybersecurity rules. The new mandate provides insight on how companies can comply with the proposed 10-K filing standards for annual reporting, which, according to the SEC, will allow investors to compare companies and pressure them to allocate more resources to cybersecurity.
McGinn noted that the SEC is looking to see that “cyber risks are considered as part of the company’s entire business strategy and financing, that the money is being allotted to address them,” and she advised companies to “have a continuity plan that notes the risks.”
McGinn also suggested that, as vendor breaches are a growing risk, a company’s SEC disclosure team should check more deeply with the point person for vendor management, asking questions such as: “Have you spoken to your vendors recently? When was the last time you did a due diligence review on the vendor? And, have you done any cyber audits?”