The US Securities and Exchange Commission (SEC) has adopted new cybersecurity rules for publicly traded companies. Under these rules, companies will be required to disclose a cyber incident within four days of determining that it could have a material effect on investors. Exceptions will be made if disclosure would have adverse implications for national security. Companies will also have to provide periodic reports on their efforts to manage cyber threats. Additionally, broker-dealers will need to address conflicts of interest when using artificial intelligence in trading, in order to prevent a repetition of the 2021 “meme-stock rally.”
Moody’s Investors Service sees the new rules as a positive step towards transparency in the cybersecurity risk space. The rules will bring more consistency and predictability while helping companies compare practices and potentially improve their cyber defenses. However, smaller companies with limited resources may face challenges in meeting the new disclosure standards.
Chris Denbigh-White, CISO of data protection firm Next DLP, highlights the importance of a less-discussed aspect of the rules: item 1.06. This requirement emphasizes the need for annual attestation, focusing on what companies should continuously do to avoid cyber incidents. Denbigh-White draws parallels between this annual reporting mandate and ISO-27001, an information security management standard. He believes these rules will push organizations to reevaluate their cyber risk management approach, ensuring that it extends to the highest levels of the company.
In other news, several acquisitions have been announced in the cybersecurity space. Coro has acquired Privatise, an Israeli network security solutions supplier. This move will enhance Coro’s all-in-one platform with critical secure access service edge (SASE) capabilities. Thales has acquired Imperva from Thoma Bravo for $3.6 billion, significantly expanding Thales’ accessible market and positioning it as an integrated global cybersecurity player.
OneTrust, a trust intelligence software provider, has raised $150 million in funding to support its growth and meet customer demand. This brings its total funding raised to over $1 billion. Japanese private blockchain technology company Earlyworks has priced its American Depositary Shares at $5 each, expecting to receive $6 million in aggregate gross proceeds from the offering.
There have also been several executive moves in the cybersecurity industry. Salt Security has appointed Ori Branch as Executive Vice President of Product. Schellman has appointed Jennifer Walsh as the new Chief Financial Officer. ColorTokens has welcomed Agnidipta Sarkar as Vice President, CISO advisory. Future Technologies has appointed Rober Miller as CEO. VeriDas has expanded its North American team by appointing Kevin Vreeland as General Manager. Jordan Burris has joined the Identity Theft Resource Center’s board of directors. V2X has hired Roger Ouellette as its newest CISO.
In the labor market, a report by Cengage Group reveals that recent graduates of cybersecurity programs feel threatened by AI and question their readiness for the workforce. Employers have also changed their hiring requirements and priorities for new employees because of AI, with 50% dropping the 2- and 4-year degree requirements for entry-level positions.
Lastly, Cisco has announced layoffs as part of its rebalancing effort, which began in November 2022. The company has not provided specific numbers, but this move is expected to impact its workforce.

