What to Expect With SEC Cybersecurity Board Disclosure Rules Likely Effective April 2023

  1. Unanticipated legal challenges to SEC rule-making
  2. Unexpected challenges to agency authority and impacts on any new SEC rule

  1. Those organizations whose downstream customers require cybersecurity risk management as part of contracting.
  2. Those organizations with a sincere interest in national security over alliance or cooperation with hostile foreign adversaries.
  3. Those organizations with shareholder pressures to comply.

  1. Fortune 50 (with some exceptions: e-commerce, consumer tech, adtech, etc.)
  2. Fortune 500
  3. Tier 1 hospital chains and publicly traded hospital chain companies pressured by contract scope and related flow-down terms from insurers concerning security controls
  4. Insurance companies
  5. Russell 3000 index
  6. Nonprofit hospitals
  7. Nonprofit sector in general (tie for last with private companies). Naiveté and idealism will be a huge challenge here.
  8. Private companies can be predicted to wake up on the issue close to last UNLESS they have cybersecurity customer contract terms to address, though the rest of the stakeholder, talent, and investor ecosystem could be rife with knowledge gaps and misalignments.