In March of 2022 the SEC proposed 7 new cybersecurity disclosure rules with an expected final publish date of April 2023. While this expected date has passed, the new rules are imminent. Companies, both public and private, should be utilizing this time to prepare for the upcoming mandatory governance and reporting requirements.
The SEC’s proposed new cybersecurity disclosure rules include these items:
While your auditors, counsel and finance professionals will be there to help you with the mandatory reporting requirements – including the subtle nuances of qualitative versus quantitative materiality – Critic Ready is here to help you prepare, document and test your cybersecurity incident readiness.
How should you prepare for these impending new rules? Practice.
We feel strongly that the best way to determine an organization’s true state of preparedness and ability to respond is to practice your incident response plan (IRP). Really practice it, not just “review” the plan. Practicing your IRP using a tabletop exercise is key to establishing confidence in your plan and helps ensure there are no gaps.
Our tabletop exercises give members of your team the opportunity to:
In addition to meeting the upcoming mandatory governance and compliance obligations, running tabletop exercises can bring ancillary benefits: lowering your company’s cyber insurance expense, identifying any gaps in customer reporting obligations, and ensuring all your 3rd party vendors are identified and up-to-speed on their reporting and incident response obligations to you.
By improving your IRP processes before an incident occurs, you reduce the risk of a misstep during an incident such as: failing to include or obtain approval from the authorized manager; losing critical time during an incident; sub-par messaging being communicated to the public or customers; failing to preserve essential evidence; risking reputational damage; or even being denied cyber insurance coverage.
Your company has an existing IR plan. Your company has an impending mandatory SEC obligation. Shouldn’t you learn how your plan performs?
Contact us to learn about:
About Critic Ready
Our founders are both subject matter experts with over 40 collective years working within the cyber security industry. They are an experienced duo with incident response tactical experience and policy/legal background.
After years of recommending other companies to those in their networks who asked, they decided to start their own firm. Critic Ready services are designed for both tenured teams and those who are just organizing their efforts.
Specific, relevant roles and experience of each founder include:
Copyright © 2023 Critic Ready, LLC - All Rights Reserved.