The SEC Won’t Let CISOs Be: Understanding New SaaS Cybersecurity Rules
The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the cloud, or in SaaS environments. In the SEC’s own words: “We do not believe that a reasonable investor would view a significant data breach as immaterial merely because the data are housed on a cloud service.”