The biggest story in the cybersecurity community in the past few weeks isn't President Biden's AI Executive Order. It's the SEC's action against SolarWinds and its CISO, for alleged fraud and internal controls failures.
I anticipate these critical changes flowing through the InfoSec community and wider business as a result of the SEC's interventions:
CISOs will not tolerate any barriers to documenting or circulating information about their cybersecurity concerns, or to escalating them. The Board will certainly have to "buy in" to cybersecurity.
There will be a radical overhaul in the nature and content of publicly available cybersecurity information, documentation, reports and sales and marketing material published by business.
A period of risk aversion about such information is inevitable. In particular, this will lead to more granular and fulsome incident reporting, with consequential increases in litigation risks.
Erosion of value will be more likely after a serious cybersecurity incident. Share prices will be a key issue to watch.
Change will be international, come what may.
Please keep in mind that the case is ongoing and the SEC hasn't proved its allegations in a court of law. SolarWinds has published a strong rebuttal of the charges and a view on the risks to transparency that may arise.
Read my fuller perspectives on why this is a game changer and what the changes will look like, here on Forbes.