President Joe Biden’s new Cyber Security Strategy, issued in March 2023, accompanies a wave of regulation that has swept the U.S. As cybersecurity rises through the list of priorities for businesses, legislators and regulatory bodies are following suit, ushering in higher reporting standards and preventative measures.
The U.S. Securities and Exchange Commission’s (SEC’s) 2022 cybersecurity proposal last year was part of this. The “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” would, if passed, require listed companies to report cybersecurity incidents within 72 hours to investors, shareholders, and customers, as well as the Cybersecurity Infrastructure Security Agency (CISA).