The writer is partner at Krebs Stamos Group and former director of the US Cybersecurity and Infrastructure Security Agency
The Securities and Exchange Commission (SEC) recently announced a highly anticipated set of cyber security regulations, requiring companies to publicly disclose incidents and regularly report on governance. At first glance, these new rules make sense and are even overdue, particularly after a string of high-profile attacks by Russia, China and their proxies. These have rattled industry and government alike, highlighting our reliance on tech companies and their vulnerable products.
The increased transparency will certainly drive much-needed awareness across industry. Corporate discussions around cyber risk are crucial at a time when geopolitics and technology are inextricably linked. But not all the SEC’s additions are positive.