Similarities Between SOX And SEC’s Cyber Rule – Padraic O’Reilly – BSW #373
1. Similarities Between SOX And SEC’s Cyber Rule – Padraic O’Reilly – BSW #373
The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management.
Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including:
- Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors.
- Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks.
- The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks.
- The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings.
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!
Guest
Padraic O’Reilly is Chief Product Officer and Co-Founder at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist, IT risk and compliance consultant, and his rapid exposure to Cybersecurity led him to seek out CISOs, CIOs, and Boards of Directors at global organizations to pursue the answer to the question – how can cyber be managed, measured, and understood like any other business function? Padraic’s current activity spans working directly with organizations from public agencies to private companies across the globe to understand how to measure cyber risk, especially amidst the global pandemic which is fueling massive digital transformation projects around the world. Padraic was a key member of the group providing feedback on the NIST Cybersecurity Framework during its development, and is an expert in regulatory standards both in security and privacy, including the NIST Risk Management and NIST Privacy Frameworks. An expert in Artificial Intelligence (AI) and economic modeling, Padraic works with members of the Global 500 to research and deploy risk quantification, risk intelligence gathering, and risk reporting and communication strategies. Padraic also holds a patent entitled, “System And Method for Monitoring And Grading A Cybersecurity Framework” which has inspired much of his work on cohesive IT and cyber risk management approaches.
2. Finally, Liability Coverage for CISOs as the Cybersecurity Workforce Peaks – BSW #373
In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more!
Announcements
Want to shape the future of identity? Identiverse 2025 is looking for dynamic speakers like you to share groundbreaking ideas with over 3,000 identity and access management leaders. Join the most influential voices in IAM and help drive innovation in our industry. Submit your presentation proposal today at securityweekly.com/idvcfp
- 1. Insurance Firm Introduces Liability Coverage for CISOs
A national insurance firm, Crum and Foster, is offering liability insurance coverage for chief information security officers (CISOs), who are facing an increasingly complex cybersecurity landscape while often not being given the same legal protections as other officers in a corporation.
- 2. CISO Forum Virtual Summit is Today
All sessions from the 2024 CISO Forum Virtual Summit are now available to watch on demand.
- 3. Comprehensive Guidelines for Auditing Artificial Intelligence (AI) Systems, Beyond Compliance
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Artificial Intelligence (AI) Risk Management: Thinking Beyond Regulatory Boundaries. Drafted by CSA’s AI Governance & Compliance Working Group, the document offers a comprehensive framework for auditing AI systems, addressing the critical aspects of AI technology and providing auditors with much-needed insights and tools to ensure the reliability and responsible innovation of intelligent systems.
- 4. Don’t Overlook This Critical Skill When Interviewing Executives
Interviews with executive candidates cover a wide range of topics — but decision-making is too often left off the list. According to an 11-country study of over 500 senior executives at large enterprise organizations across 12 industries, a full quarter reported never discussing decision-making during an interview before accepting a position. Those who did were more satisfied with their role. Further, 63% of senior executives reported having resigned from a prior job or considered doing so as a direct result of frustration with the organization’s decision-making. So, in addition to bringing up decision-making in an executive search, consider defining the company’s current decision-making state with its ideal one, and be honest about the decision-making challenges the organization faces. This will better prepare the candidate for their new role, and increase the odds of their success.
- 5. How to Navigate a Leadership Transition
Leadership transitions are challenging for both organizations and the leaders who must directly navigate them. But Michael Watkins says they’re also a time of incredible opportunity — especially for those leaders who understand how to handle this crucial period.
- 6. Has the Cybersecurity Workforce Peaked?
While training and credentialing organizations continue to talk about a "gap" in skilled cybersecurity workers, demand — especially for entry-level workers — has plateaued, spurring criticism of the latest rosy stats that seem to support a hot market for qualified cyber pros.
- 7. Effective Communication for Better Productivity
In today’s fast-paced business environment, effective communication is more than just a nice-to-have; it’s a critical component for success. For teams, especially those involved in complex projects, poor communication can lead to rework, frustration, mistrust, and ultimately, disappointed customers. This guide explores the importance of effective communication and offers practical steps, strategies, and tools to enhance team interactions, ensuring smoother operations and happier clients.