Cyber Attack Reporting: Increasing Regulations & Impact on Industrial Manufacturers

Are you prepared if the proposed regulations pass?

New automation systems and the growing need for interconnectivity are creating new security threats and system complexity for manufacturers’ industrial networks. A cyber event in an operational technology (OT) environment can have different outcomes and call for different responses than one in a traditional, data-driven IT environment. An event that shuts off or alters a line can lead to theft of intellectual property and could also impact the safety of employees and consumers.

The financial and safety implications of cyber attacks are driving increased regulations for critical infrastructure and publicly traded companies.

On March 9th, 2023, the SEC published a proposal for Cybersecurity Risk Management, Strategy, Governance, & Incident Disclosure by Public Companies. This proposed regulation would introduce increased requirements for public companies surrounding cyber incident reporting, governance, and risk management strategy. If passed, the SEC guidelines will require specific reporting, commentary, and compliance verification surrounding:

- Risk management strategies

- Corporate governance

- Incident reporting

Proposed Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

“Cybersecurity risks and incidents can impact the financial performance or position of a company. Consistent, comparable, and decision-useful disclosures regarding a registrant’s cybersecurity risk management, strategy, and governance practices, as well as a registrant’s response to material cybersecurity incidents, would allow investors to understand such risks and incidents, evaluate a registrant’s risk management and governance practices regarding those risks, and better inform their investment and voting decisions.”

What does this mean for industrial manufacturers?

This proposal could have significant impacts for industrial manufacturers. If passed, publicly traded companies will be required to disclose their cybersecurity risk management strategy, governance, and cyber events to the U.S. Securities and Exchange Commission (SEC).

The specific impacts for manufacturers include:

1. Increased transparency: Heightened transparency will help investors and stakeholders better understand the cybersecurity risks facing facilities and the importance of mitigating risk.

2. Heightened focus on cybersecurity: The added regulations would likely result in increased focus on cybersecurity for manufacturing executives and management teams.

3. Compliance requirements: Added disclosure requirements would lead to legal and financial penalties for noncompliance.

4. Reputational impact: The added reporting requirements could lead to a negative impact on the reputation of companies that experience a cyber event.

5. Competitive advantage: Manufacturers that are able to effectively manage cybersecurity risks could gain a competitive advantage.

Where to start:

The ever-changing regulations and the complexity of systems make it hard to know where to start in ensuring plants are protected. The National Institute of Standards and Technology (NIST) created a voluntary framework that provides a continuous process to ensure you have the processes and standards in place to protect your plant.

[Figure: Cybersecurity Framework]

Wherever you are in your journey, we have cybersecurity solution consultants and specialists to help you build, deliver, and support a plan specific to the needs of your industrial facility. CLICK HERE to connect with us and discuss your cybersecurity preparedness journey.