New Cybersecurity Rules
The presentation was delivered by Professor Thu Nguyen. The purpose of the presentation was to discuss the new rules for cybersecurity reporting, implemented in response to the numerous breaches reported in 2023. One insight from the 2023 breaches report showed that 91% of breaches emerged from phishing attacks. “Being attacked isn’t a matter of if; its a matter of when”. The new SEC rules are designed to enhance and standardize the disclosure of cyberattack incidents — breaches deemed material need to be reported within four days of occurrence (unless disclosure threatens national security) and that report should explain the nature, scope, and timing. Organizations are now required to describe the way they define and manage cybersecurity and necessitates cybersecurity subject matter experts. I found this presentation interesting as an MIS student applying for cybersecurity roles.