New SEC Cyber Rules Bring Third-Party Risk and Compliance to Forefront
The recent implementation of new cybersecurity incident disclosure requirements by the U.S. Securities and Exchange Commission (SEC) has placed third-party cyber risk squarely in the spotlight. These new regulations underscore the materiality of third-party cyber risk, emphasizing its significance as a business risk. The SEC's final rule acknowledges that a substantial number of organizations, approximately 98%, rely on third-party vendors that have suffered breaches within the last two years.