In the wake of new cybersecurity rules from the Securities and Exchange Commission, public company executives intend to bolster their own protections and push third parties that deal with them to do the same. That's according to a Deloitte poll, conducted in August, of 1,300 C-suite and other executives from publicly traded organizations.
The new
Notably, the new rule will also require issuers to consider incidents occurring both internally and within third-party service providers.
The Deloitte poll found that 51.1% of executives intend to strengthen their companies' own cybersecurity programs as well as push third parties that deal with their organizations to do the same. This is in contrast to 13.7% who will focus only on their own organization, and 3% who will focus only on third parties. The poll also found that 33.9% of executives have already evaluated their communications processes with third-party service providers or have begun the process; 27.4% said they haven't yet but intend to do so in the future. Just 4.4% said they have no plans at all to do this.
Regardless of progress, most executives feel well prepared for the new rules. The poll found that 53% of organizations have been preparing for at least six months; meanwhile, 26.1% said they haven't prepared to comply but anticipate they will be able to do so within the mandatory deadlines.
"Leading public companies have invested considerable time into maturing their cyber, risk management and governance capabilities in anticipation of the now finalized SEC cyber rules," said Naj Adib, a Deloitte Risk and Financial Advisory principal in cyber and strategic risk. "Those efforts should continue to focus on reaching across silos — both within the organization's relevant business functions and with third parties, as regulator and stakeholder expectations of continuously strengthened cyber programs continue to rise."