Standards, Regulations & Compliance
Correlating Cyber Investments With Business Outcomes
CEO Ted Gutierrez on Impact of the New SEC Rules for Reporting Material IncidentsThe new rules adopted by the Securities and Exchange Commission require organizations to report cyber incidents that have a material effect on the business within four days and to annually disclose material information about their cybersecurity risk management, strategy and governance. Ted Gutierrez, the CEO of SecurityGate, said the mandates give "more teeth to the idea that cybersecurity is a business problem" and "bring an element of cybersecurity to the boardroom."
Gutierrez discussed the need for CISOs to link cyber risk and business outcomes - something the new rules will help facilitate. He said the new SEC rules will also force security leaders to define what constitutes a real material impact to the business.
In this episode of CyberEd.io's podcast series "cybersecurity Insights," Gutierrez also discussed:
- Why he thinks cybersecurity should be "less of an alert button and more of a marathon mentality for resource allocation";
- The need to spend less money on solutions and more on training.
His belief that cybersecurity is overcomplicated and needs to be made less technical;
Gutierrez is committed to protecting what matters across operational sectors by fostering collaboration among industrial cyber teams on their cyber improvement journey. With his extensive background as a compliance and risk auditor for critical infrastructure, he understands the challenges in effectively maturing organizational resilience in a decentralized ecosystem. Gutierrez is a U.S. Army veteran and an expert in reconnaissance and surveillance.