Intelligent Tech Channels Issue 63 | Page 34


Preparing the Board for cyber regulations and cyber ranges

Cyber ranges provide evidence which can be presented to regulation Boards and shareholders, proving that an organisation’s systems are combat-ready, says James Gerber at SimSpace.
James Gerber, Chief Financial Officer at SimSpace

In March 2022, the Securities and Exchange Commission (SEC) issued a proposed regulation titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Within it, the SEC describes the need to enhance the standardisation of disclosure regarding cybersecurity risk management and reporting. This follows the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law last March, that asks companies to voluntarily disclose their cyber breaches.

With the new proposed regulation, the SEC is suggesting that organisations should be mandated to periodically disclose the policies and procedures they have in place to identify and manage cyber risk. This would include the management’s role in implementing cybersecurity best practice as well as their board members’ cybersecurity expertise. The proposed legislation would also require companies to provide updates about previously reported cybersecurity incidents.
Why disclosures?
The regulation intends to better inform investors about a registrant’s risk management strategies and the governance they have in place to ensure their systems are ready to face a cyberattack. However, this proposed legislation has resulted in outcry and demands for withdrawal from Fortune 100 companies who fear the regulation will have adverse consequences for shareholder price and stakeholder demand.
Catalysed by the Russian war in Ukraine, threat actors continue to attack national critical infrastructure and governmental organisations around the world. However, these tactics, techniques and procedures (TTPs) are now being launched at businesses and organisations as cybercriminals are becoming increasingly focused on extorting and exfiltrating sensitive data from highly lucrative businesses. The IBM Cost of a Data Breach Report 2022 revealed that, reaching an all-time high, the overall cost of a data breach averaged $4.35 million in 2022.
Regulatory bodies have now recognised the importance of cybersecurity legislation for companies as organisations continue to fall victim to cyber hacks. The goal of ensuring Boards are doing everything in their power to protect sensitive customer and investor data means organisations will now be held directly accountable for their cybersecurity defence plans and tools.
A cyber range is a high-fidelity, scaled replica of an organisation’s production environment, complete with accurate terrain and actual, primary defence tools.