Cyber Risk Materiality SOLVED
for SEC Disclosures
Comply with the new SEC disclosure rules on material risk with quantification and real-time visibility into risk posture with the Safe FAIR-MAM Module
The Challenge of Defining Material Risk
Starting at the end of 2023, the Securities and Exchange Commission has mandated that public companies disclose “material” cybersecurity incidents within 4 days.
The challenge: The SEC doesn’t precisely define ‘materiality’, beyond saying it’s need-to-know information for investors to assess the financial health of a company.
To meet the challenge, companies need a solution to
- Set a target range for material risk – in practical terms, that’s a dollar figure
- Track ongoing risk levels in real-time, ready to report on short notice.
- Do it all in a way that’s open and defensible to the regulators
The Safe Solution:
The FAIR Materiality Assessment Model and the SAFE Platform
Together with the FAIR Institute, Safe Security has developed the FAIR Materiality Assessment Model (FAIR-MAM™), built on Factor Analysis of Information Risk (FAIR™), the standard model for quantification of cyber risk, recognized by the National Institute of Standards and Technology (NIST).
The Safe platform implements FAIR-MAM with proprietary formulas, benchmark loss values, and real-time risk data for an out-of-the-box solution for identifying and tracking materiality.
- FAIR-MAM tracks loss in 10 categories (data breach, ransomware, etc.) down through five or more layers of subcategories (for instance, breach notification or credit monitoring costs)
- Loss can be modeled with customization to any organization’s business structure, assets, risk scenarios, or other requirements.
- FAIR-MAM is an open standard that meets regulators’ demands for transparent disclosure.
See FAIR-MAM in Action Analyzing the Latest Breaches in the News
The online materiality calculator for recent public breaches – “How Material Is that Hack” is based on FAIR-MAM and powered by Safe Security. See real-life examples of materiality assessment for the MGM Resorts, Clorox, Caesars Entertainment, and Johnson Controls breaches. You’ll find this tool highly useful for benchmarking your organization’s potential cyber loss exposure. We’re constantly updating as new reporting develops — so come back often!
3 Steps to Gear up for SEC Materiality Risk Compliance with the Safe Platform
01
Identify the possible categories of probable material losses
Leverage FAIR and FAIR-MAM to taxonomy to understand the potential loss categories. Subsequently game out your top loss event scenarios for their likelihood and impact. Present those hypothetical loss levels to business management to map against your cyber risk appetite.
02
Set risk monitoring to “always on”
The Safe platform aggregates signals across your enterprise attack surface in real time. If a possible material incident strikes, you always have the latest data on loss exposure at hand for a new incident or aggregating multiple past incidents.
03
Activate the FAIR-MAM module
The platform quickly models your loss exposure in financial terms and lets you see if the materiality threshold you have set is likely to be crossed.