Cybersecurity may seem like a modern phenomenon, but it’s been around for quite a while*—almost 200 years, in fact: the first cyberattack was actually carried out in 1834 when two canny French thieves hacked into France’s telegraph system to steal financial market information.
Today the risks are of course far more common as criminals constantly look for ways to get around defenses to obtain data for financial gain and other nefarious purposes. Corporate entities must therefore always be on top of this issue, but even more so now that the SEC has put in place new cybersecurity incident reporting and disclosure regulations that come into effect very soon.
Internal Audit Checks and Balances
By the end of 2023, public companies will be subject to the new SEC disclosure requirements related to how they manage their cybersecurity risk and strategy, which only give them a short window within which to disclose any material cybersecurity incidents that strike.
Internal Audit can play a key role in supporting management’s implementation of these new SEC cybersecurity disclosure requirements. Some things Internal Audit can help an organization to do to mitigate risks include:
- Understand and independently evaluate existing, newly-designed, and implemented cybersecurity and disclosure controls.
- Coordinate with management, IT/Security, Finance, SOX teams and other cross-functional teams to address any identified design gaps.
- Assist with the determination of materiality.
- Perform an independent assessment of management’s incident response plan.
- Assess your organization’s cybersecurity capabilities and risk management strategies.
- Review the company’s cybersecurity policies and procedures to ensure they are current and effective.
- Evaluate third-party vendor risk management program and management’s plans to integrate third parties into the incident reporting framework.
- Increase cybersecurity awareness with the Audit Committee and Board.
To find out more details about the new regulations, read our RoseRyan Insights blog ‘Dealing With The SEC’s Tight Timeframe For Complying With The New Cybersecurity Disclosure Rules’. And if you need help with doing an Internal Audit, reach out to us today.