SEC cybersecurity rule targets vendors, increases risk

A new Securities and Exchange Commission (SEC) rule mandates a 30-day reporting period for cybersecurity incidents, placing significant pressure on vendors and financial service providers. Historically, the focus of cyber risk narratives has been on the impact to large enterprises following a breach at a third-party vendor. However, this regulation shifts the spotlight directly onto the vendors themselves, highlighting their critical role and potential vulnerabilities. The rule underscores the evolving landscape of cybersecurity compliance and the increased scrutiny on the entire supply chain.