These rules focus on the concept of materiality, though executives disagree about how simple the concept is. Michael Oberlaender, an independent consultant and former chief information security officer, explains that what initially appears to be a minor breach could end up involving millions of compromised records. Rex Booth, CISO at cybersecurity company SailPoint, believes the new rules give security chiefs flexibility in deciding when to assess materiality during their incident-response process, and that responsible CISOs will have ample time to investigate, determine materiality, and report the incident. Baer also remarks that these rules are likely to increase collaboration between CISOs and boards, as directors need to be aware of details that may impact materiality determinations.
Source: Wall Street Journal, August 02, 2023 09:49 UTC