What New SEC Reporting Rules Mean for Less-Regulated Firms

Snyk CEO on Why Publicly Traded Entities Need Better Security Practices
Peter McKay, CEO, Snyk (Image: Snyk)

The new U.S. reporting requirements will force publicly traded companies in less-regulated industries outside of financial services to improve their security practices.

Snyk CEO Peter McKay said public companies in possession of credit card numbers or other personally identifiable information must level up since they now need to document their process for assessing, identifying and managing risk. In addition, AI-driven initiatives have created greater regulatory exposure and risk than these companies had a year or two ago, given the centrality of data to their AI efforts (see: Snyk CEO Peter McKay on Making Defense Easier for Developers).

"Financial services was the tip of the spear for a lot of the cyber, and now you're seeing a lot of catch-up," McKay said. "Now, you're seeing the long tail of lowly regulated companies. That baseline, that bottom - the minimum viable security - has just looped up for everybody."

In this video interview with Information Security Media Group, McKay also discussed:

McKay has led Snyk since June 2019. Prior to that, he spent two and a half years as co-CEO and president of backup and data management platform Veeam. Before that, McKay spent three and a half years leading desktop-as-a-service company Desktone and spearheading its acquisition by VMware, where he ran the virtualization giant's $3.7 billion Americas business. Prior to joining Desktone, McKay spent nearly eight years leading web application security vendor Watchfire, which was acquired by IBM in June 2007.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.
