SEC Cyber Enforcement Chief David Hirsch to Address 2023 FAIR Conference on New SEC Cyber Risk Disclosure Rules
FAIR Conference 2023 is going right to the source on the new cyber risk disclosure rules from the Securities and Exchange Commission that are generating so much uncertainty among public companies in the US: David Hirsch, the SEC official who will enforce this new regulatory initiative, joins a roundtable discussion on disclosure compliance at FAIRCON23, the leading conference for cyber and operational risk managers and cybersecurity defenders.
FAIRCON Event Details:
Roundtable Discussion: How to Get Ready for the New SEC Rules on Cybersecurity
- Moderator: Cody Scott, Security & Risk, Forrester Research
- David Hirsch, Chief of the Crypto Asset and Cyber Unit, Division of Enforcement, SEC
- Suja Chandrasekaran, Board Member, Cardinal Health
- Kurt John, Chief Security Officer, Expedia Group
- Richard Borden, Cybersecurity and Privacy Partner, Frankfurt, Kurnit, Klein, & Selz
Fairmont Hotel, Washington, DC.
Starting December 18, most public companies will be required to report within four days in an 8-K form on cyber attacks with a probable material effect – “material,” that is, in the eyes of investors, a somewhat vague standard that Hirsch will certainly be questioned on by the FAIRCON audience of CISOs and other high-level cyber executives.
The Wall Street Journal recently reported that Clorox, one of the first large companies to suffer a breach since the SEC approved the rules in July, filed two 8-Ks and made other public statements on the attack, trying to meet the new requirements. “Clorox’s string of bulletins over more than four weeks shows how determining the material impact of a cyberattack is unfamiliar ground for companies,” The Journal wrote.
The new rules also mandate that regulated companies disclose in their periodic reports to the SEC their cyber risk governance processes and policies for identifying incidents posing material risks.
Nick Sanna, President and Founder of the FAIR Institute, wrote in a blog post that the SEC is pushing cyber risk management in a direction that’s in line with the quantitative approach advanced by the FAIR movement.
“Cyber risk management programs will have to be effective in helping measure and manage material risk… Companies will be expected to have the ability to break down and quantify how losses materialize for their top cyber risks and incidents… This will be a forcing function for companies to adopt trusted cyber risk quantification models such as FAIR and adopt tools that provide them with visibility into their top risks as key enablers for determining and communicating risk and incident ‘materiality’.”
With SEC cyber enforcement chief David Hirsch on the stage, along with corporate governance, legal, and risk management experts in the roundtable, and an audience of FAIR risk quantification leaders, this session will be one of the most informative and liveliest at FAIRCON23, October 17-18, Fairmont Hotel, Washington, DC.