The Gately Report: Noname Security Expects SEC Rule Changes to Increase Sales

Rule changes for reporting cyberattacks will likely spur more dialogue about cyber readiness and investment in new technology like what Noname Security offers.

That’s according to Karl Mattson, Noname Security's field CISO. The U.S. Securities and Exchange Commission (SEC) rule changes took effect last month.

Public companies are now required to publicly disclose material cybersecurity incidents within four days. The disclosure may be delayed if the U.S. Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety, and notifies the Commission of such determination in writing.

The SEC rule changes also include annual reporting of cybersecurity risk management, strategy and governance.

Noname Security's Karl Mattson

“What it really does is it changes the dialogue at the board level and the executive team because as a technical matter, with the change of reporting frequency, public companies already have that process developed,” Mattson said. “There are playbooks, there are processes, and there are notifications to customers and regulators. All that stuff already exists. So by lowering the threshold to four days, what the SEC is really prompting to happen is to have governance conversations consistently, continuously with general counsel and at the board level.”

New Investment in Noname Security Coming

Gone are the days when a board conversation on cybersecurity could be once a year, Mattson said.

“Now it has to be almost in immediate real time because if there is an incident and there needs to be disclosure, and the consequences are going to be immediate, it places this intense spotlight on an organization's governance, the conversations that the CISO is having with the board, general counsel and CIOs,” Mattson said. “And so what that concentrated dose of governance will probably do is result in more decisions in the investment in new security technologies like Noname. So it has the downstream impact of probably prompting new investment. But in and of itself, it's a governance requirement and there isn't any technology that changes the quality of the dialogue between a CEO, a CISO, a general counsel, etc. That dialogue is really what rulemaking is all about.”

Scroll through our slideshow above for more from Noname Security and more cybersecurity news.