New cybersecurity rules and regulations offer security leaders a great opportunity to elevate their role at their organizations, boosting security investment, according to speakers at the ISC2 Security Congress 2023.
During the opening address, ISC2 CEO Clar Rosso highlighted the “tsunami” of laws, regulations and policies that have been passed by governments so far this year. These are global and include the EU’s Cyber Resilience Act and new US Securities and Exchange Commission (SEC) incident reporting requirements.
New cyber regulations focus on a range of areas, including workforce development, incident and vulnerability reporting, and securing AI.
A focus of these initiatives is to shift the burden of cybersecurity from customers to developers, which include organizations profiting from digital technologies, said Rosso.
While such regulations place additional responsibilities on security teams, they also offer a huge opportunity for CISOs to boost their influence at the boardroom level. Rosso believes the recognition of the importance of cybersecurity at government level is an opportunity for the industry.
Business Leaders Under the Spotlight
This message was emphasized by Dr Stephen Kraemer, Enterprise Technologist, CxO CISO at AWS, in a session discussing the impact of the recent incident reporting rules introduced by the SEC.
The rules place new obligations on publicly listed companies to provide investors with details of the material impacts of cyber incidents, as well as their processes for managing cyber risk. Crucially, these rules put business leaders under the spotlight, with organizations obligated to describe the board of directors’ oversight of risks from cybersecurity threats and their role and expertise in assessing and managing material risks.