TechTalk Blog: U.S. SEC To Pay More Attention to Cyber Risk Controls and Disclosures... Finally!

By Brad Monterio posted 02-23-2015 10:13 AM

  

According to a senior official quoted in a recent February 20th Reuters story, the U.S. Securities and Exchange Commission (SEC) is "on the lookout for violations such as poor risk controls or lax disclosures relating to hacking and other cyber breaches." Cybersecurity is certainly a hot topic today - one cannot pick up a newspaper, read a blog or watch a news/cable channel without seeing stories about loss of private company or personal data through cyber hacking. There are many recognizable company names among the victims - Anthem, JP Morgan Chase, Target, Sony Pictures - to name a few, but the risk isn't limited to large public companies. All organizations need to be proactive in their efforts to thwart cyber terrorists and protect their vital information assets.

Cyber risk isn't limited to the domain of listed companies. A country's critical infrastructure (e.g., utility networks) is vulnerable and could serve as an Achilles heel to bring down not only networks here and there, but economies, governments and even countries. President Obama in the U.S. has already indicated a desire to work with both sides of the aisle to pass legislation to protect American infrastructure from cyber security risks. And now the SEC is looking to shore up the defenses of listed companies. And not a moment too soon given the recent breaches.

Technology plays an important role in this war on cyber terror and is a topic the IMA Technology Solutions & Practices (TS&P) Committee is interested in.  We want to hear from you about your concerns about cyber security and the ways in which you plan to proactively fight it at your organizations.  How do you use the COSO Internal Controls - Integrated Framework as part of the process?  What best practices do you follow or recommend? What considerations do you have before selecting technology tools?

I'm also excited to point out that cyber security will be front and center on the main stage at the upcoming 2015 IMA Annual Conference and Exhibition as well. Marcus Sachs, VP of National Security Policy at Verizon, will be speaking about "The Cyber Security Ecosystem - Where Do I Fit?" on June 22 at 9:15am, so please attend his session if you are at the conference. See http://www.imaconference.org/ for details and registration.




Comments

02-24-2015 10:24 AM

Great points, Glenn. Thanks for your additions!

02-24-2015 10:18 AM

According to Ernst & Young (http://bit.ly/1nIwuLP), “In today’s modern business, companies face the harsh reality of becoming the target of complex and sophisticated fraud, with even insiders or employees being the perpetrators.” With President Obama weighing in with his thoughts on 2/13/15 at the White House Summit on Cybersecurity and Consumer Protection (http://1.usa.gov/175mSWw), it is time for board-level conversations related to fraud risks threatening our organizations, if these conversations were not yet occurring. An integrated risk assessment process inclusive of fraud risk (COSO Principle 8) that occurs at both the entity and business process levels is needed at all of our organizations to leverage compliance for business excellence.