I wonder whether organisations will actually comply with this requirement?
How will smaller companies comply?
Smaller companies will not be effected by this because it only applies to publicly traded companies, I think once a company gets to that point they are no longer small.
What I don't see is any kind of penalty if a company does not disclose in time or at all.
@JKWiniger I agree, I have asked the question on social media, but no response as yet. Apparently not implemented before December 2023. So it will be interesting what the reaction will be from organisations as a whole.
I find it interesting that publicly traded companies get all these requirements, but SMBs struggle to determine their own cyber-centric identity, posture, and value. It wasn't until yesterday that I learned about the FTC's Section 314, which only broadly addresses cybersecurity through the eyes of consumer protection.
No matter, good move on SEC's part.
@Caute_cautim I wasn't sure if I should make this a new post or just reply... From the same SEC change comes.. Companies Must Have Corporate Cybersecurity Experts!
I think this is a step in the right direction..