CyberSaint and ACSC Research Sheds Light on Enterprise Cyber Risk Reporting Trends in Light of New SEC Rule

New research explores the evolution of cyber risk reporting in light of SEC mandates and long-standing industry challenges

CyberSaint, the leader in cyber risk management, in collaboration with the Advanced Cyber Security Center (ACSC), has conducted a comprehensive focus group study aimed at gaining insight into the dynamics of cyber risk reporting in large enterprises.

[Access the comprehensive research summary here.]

Drivers for Improved Cyber Risk Reporting

Cyber risk reporting has become an essential component of executing proper cyber risk management. According to a report by Cybersecurity Ventures, cybercrime is expected to cost the world $10.5 trillion annually by 2025, highlighting the significant financial and reputational costs of cyber risk incidents, the frequency and severity of cyberattacks, and the importance of effective cyber risk management to protect against cyber threats.

There is a growing demand from investors and other stakeholders for organizations to report on their cyber risk posture. In the United States, the SEC is now requiring public companies to disclose their cybersecurity risks and incidents in their financial filings. The SEC has also issued guidelines for companies to disclose cybersecurity risks and incidents to investors and has emphasized the need for regular cyber risk reporting to board and executive leadership, in accordance with the new rules set forth.

Cyber Risk Reporting Challenges

Despite the obvious need, reporting cyber risk posture up to the Board of Directors or executives can present significant challenges:

• Correlating Cyber Risk to Business Risk: The technical intricacies inherent in cyber risk reporting can present difficulties for non-technical stakeholders, such as board members and executives, who may struggle to fully comprehend the implications of cybersecurity risks when the information isn't contextualized to align with business outcomes.
• Standardizing and Benchmarking: The method of reporting cyber risk varies widely among organizations, making it difficult to establish consistent metrics and benchmarks, hampering the industry's long-desired goal of comparing cybersecurity performance across different business units or industry peers.
• Reliance on Manual Methods: Cyber risk reporting's resource-intensive nature, demanding time and expertise, often forces even large organizations to rely on spreadsheets and PowerPoint presentations to measure and report on cyber risks, resulting in point-in-time views based on outdated data, wasting significant time and resources, and leading to incomplete or inaccurate reporting.

Highlighted Focus Group Research Questions:

The research conducted by the ACSC and CyberSaint provides valuable insights into the challenges and opportunities of cyber risk reporting in large enterprises, and identifies trends that those reporting cyber risk to the board are seeing.

• How has the frequency of cyber risk reporting to the board of directors or board committee changed over the past 3-5 years?
• Does your organization have a council or committee dedicated to overseeing cybersecurity that meets 2+ times per year?
• What are the top two challenges you face in effectively communicating cyber risks to the board?
• Considering the many priorities of board members and executives, which areas of your cyber program are regarded as the most critical by the board?
• Has your Board of Directors expressed a desire for improvements in cyber risk reporting?

This new research can help organizations enhance their cyber risk reporting practices and better protect themselves against cyber threats.

About CyberSaint

CyberSaint delivers the most comprehensive, real-time, and intuitive platform for enterprise cyber risk management. The company’s CyberStrong platform empowers organizations to optimize their cyber posture through automated assessment, cyber risk quantification, remediation and executive reporting, all backed by patented AI technology. C-suites and Boards of the Fortune 500 rely on CyberSaint to gain unparalleled visibility into their cyber risk posture, informing key decisions around resource allocation and resulting in immense time and cost savings. CyberSaint’s customers are empowered to readily fulfill their cyber governance requirements, bridging the gap between technical cyber risk initiatives and their implications on business performance.

About the Advanced Cyber Security Center (ACSC)

The Advanced Cyber Security Center launched in 2011 is a New England based non-profit, member-driven, cybersecurity focused organization. The Center engages in confidential collaborations (operating under an NDA) among members CIOs, CISOs, Risk Officers and Legal Counsels. The ACSC uniquely brings together leading private sector firms, universities, defense nonprofits, the Commonwealth of Massachusetts, the Federal Reserve Bank of Boston, and is a regional partner with the Department of Homeland Security. Our members represent the financial services, healthcare, technology and utilities industries, along with leading universities and the Commonwealth of Massachusetts.

View source version on businesswire.com: https://www.businesswire.com/news/home/20230918430696/en/