Bitsight & RSA 2023: How Security Leaders Are Preparing for the “New Era” of Cybersecurity Disclosure

Written by Jake Olcott
VP of Communications and Government Affairs, Bitsight

In response to the growing number of cyber incidents, policymakers and regulators around the world are creating new cybersecurity requirements for companies to comply with, including mandates to disclose cyber risks and incidents. For example, new cyber risk disclosure requirements from the U.S. Securities and Exchange Commission (SEC) are anticipated to be adopted in 2023 and would have a major impact on corporate cybersecurity initiatives. 

In addition to dealing with government policymakers and regulators, cybersecurity leaders are also dealing with a variety of stakeholders who are concerned about cybersecurity and have high expectations for effective management, including:

  • Executives and board members
  • Customers and business partners
  • Capital markets (including investors, insurers, and credit rating agencies) 

As demands and expectations increase, cybersecurity leaders are realizing that they must be more transparent about their cybersecurity programs in order to create trust. But how can leaders satisfy these demands and expectations?

Some CISOs are embracing this new era of transparency and leading critical initiatives for their companies. For example, Equifax CISO Jamil Farshchi implemented a major corporate initiative to proactively disclose information regarding Equifax’s cybersecurity performance to the marketplace. For the last three years, Equifax has published a “Security Annual Report,” a document highlighting its cybersecurity program accomplishments and sharing information with the marketplace so that stakeholders—and the public alike—can better understand the company’s efforts.

At the RSA Conference on Monday, April 24, 2023, at 2:20pm PST, Bitsight’s Derek Vadala will moderate a panel, “Preparing for the New Era of Cybersecurity Disclosure.” Panelists will explain new cybersecurity disclosure requirements and discuss how timely, consistent, and informative disclosure can benefit companies in the marketplace.

Panel participants include:

  • Derek Vadala, Chief Risk Officer, Bitsight, will moderate the panel and share unique perspectives from his time as Moody’s CISO along with current observations about new disclosure requirements and leading practices for corporate cybersecurity transparency. 

  • Jamil Farshchi, Executive Vice President and CISO of Equifax, brings unique insight and experience providing leadership on cybersecurity transparency and governance and will share critical information about the Equifax program, his interactions with senior executives and the board, and his perspective on how the market is embracing Equifax’s approach.

  • Lesley Ritter, Associate Vice President of Moody’s, has been increasingly involved in analyzing cyber risk as a component of credit risk, having recently produced unique insights into cyber risk affecting bond issuers. She will discuss how cyber resilience and disclosure are increasingly important factors for the capital markets.

  • Scott Giordano, General Counsel, Spirion, is an attorney with more than 20 years of legal, technology, and risk management experience with insight into the latest disclosure requirements. 

If you are attending the 2023 RSA Conference, please stop by our booth (#1843) for a close-up tour of Bitsight, our engaging theater presentations, and all-new Bitsight swag and prizes!