Dec. 15 will mark one year since the Securities and Exchange Commission began enforcing its landmark rule mandating that publicly traded companies disclose “material” cyber incidents. One year in, what have CISOs learned about defining “the ‘m’ word,” and other unforeseen surprises?

Forrester principal analyst Jeff Pollard will dig into this in detail at the 2024 Forrester Security and Risk Summit, Dec. 9 – 11 in Baltimore and online, in a session called “A CISO’s Life Preserver for SEC Disclosure Requirements” on Wednesday, Dec. 11. He gave InformationWeek a preview of that session, explaining a bit about what CISOs ought to know about materiality. (Good news: it’s less than you think.)

