Cybersecurity for Publicly Traded Saving Institutions
The increase in cybersecurity threats requires organizations to develop a Cybersecurity program to evaluate technology risk and develop response plans to the possible threats. Regulators at the U.S. Securities and Exchange Commission (SEC) have identified this need and have mandated transparency of the processes by which they identify material cybersecurity risks in their annual report and to report any cyber attacks within four business days after a company determines it will have a material impact on the business.
Project Goal
The intent of this cybersecurity research is to perform a targeted evaluation of public companies within a single industry based on the Standard Industrial Classification (SIC) codes reported to the SEC. In this case, companies that have self-identified as Saving Institutions (SIC codes 6035 and 6036). The analysis of the data collected will be used to draft a whitepaper for publishing in relevant industry publications.
Identification of In-Scope Companies
The sample set of eighty companies was based on the SEC Financial Statements Data Sets between January 2022 and June 2023. Several companies have been excluded from the scope because they are not actively trading. Others have been removed due to mergers and acquisitions. One company was removed because it is not based in the United States.
Data Collection
All companies in scope will be asked to complete an online survey, followed by a management interview, ensuring consistent responses across all participants. All responses will be kept confidential, and results will be present in the aggregate.