• Enewsletters
  • Webinars
  • eHandbooks
  • Great Question: A Manufacturing Podcast
    • Podcast: How manufacturers are preparing for cyber incidents and new SEC rules
    1. Safety and Security
    2. Industrial Cybersecurity

    Podcast: How manufacturers are preparing for cyber incidents and new SEC rules

    Jan. 31, 2024
    In this episode of Great Question: A Manufacturing Podcast, Dennis Scimeca discusses what manufacturers can do to protect themselves against cyberattacks.

    Dennis Scimeca is the senior editor for technology at IndustryWeek. In his current position, he covers a range of topics, including how innovations in the manufacturing sphere are helping companies improve their competitiveness and their profits. He shines a light on the latest and greatest industrial technology, including vision systems, machine learning/artificial intelligence, virtual and augmented reality, and interactive entertainment. Dennis recently spoke with Smart Industry managing editor Scott Achelpohl about how manufacturing companies can comply with new preparedness and reporting standards.

    Below is an excerpt from the podcast:

    SI: What precisely do the SEC rules say?

    DS: OK, so I'm not going to quote from any of the docs, but the new rules adopted in July 2023 and in effect for all U.S. companies as of mid-December state two requirements. So first, in their annual 10-K filing, companies have to report on cybersecurity risk management strategy and governance. Now if you're not familiar, where an annual report to shareholders might focus almost entirely on financials, a 10-K form is much more comprehensive. It’s information about company history, organizational structure, facilities owned. Basically, all the information an investor needs to really understand how the company is doing.

    So now, in addition to all of that, companies have to describe how they identify and manage material cybersecurity threats, with the material damage of a cybersecurity attack might do past cybersecurity incidents, how much oversight the board of directors has, and how management assesses and manages material risks from cybersecurity threats.

    Smart Industry covers the digital transformation of manufacturing and the IIoT for industrial professionals.

    Visit Smart Industry

    So if a company isn't paying attention to cybersecurity, now investors are going to know about it.

    Second, unless the U.S. Attorney General determines that the disclosure poses a national security or public safety risk, companies must, within four days, disclose cybersecurity incidents that the company determines are material. That's using a new item line on form 8-K. That's the form companies use to report major events that shareholders ought to know about. So now that includes material cybersecurity incidents, incidentally, with material defined as an incident to which there is a substantial likelihood that a reasonable investor would attach importance. And I lied, that is actually quoting something from the SEC. To which there is a substantial likelihood that a reasonable investor would attach importance.

    SI: That's a terrific and detailed answer, Dennis. Thank you. Despite your level of detail, these sound like pretty general guidelines, yes?

    DS: Here's where things get murky. So what is substantial likelihood? Now, in some cases, like the Clorox breach you mentioned that IndustryWeek reported on last September, there is zero argument that that incident wasn't material because the breach actually affected production. You know, there were severe product shortages on shelves. There was no way profits wouldn't be affected. The stock price actually dropped following when that news broke. It absolutely cost them money and shook investor confidence.

    Now, on the other hand, last February, Dole reported a cybersecurity incident after customers in New Mexico and Texas noticed an absence of precut and mixed salad kits on grocery store shelves. So Dole reported it was in the midst of a cyberattack and that slowed its systems down through North America, but also said the effect on operations was minimal. They just put manual operations in place to replace the automated operations and they got things moving again.

    So was that actually a material incident if all that happened was customers not being able to purchase a specific product line for a few weeks? How much money does that cost? Maybe not a lot. You know, in the grand scheme of things, I don't know Dole's books, but it maybe doesn't cost a lot. So did they have to report it?

    About the Podcast
    Great Question: A Manufacturing Podcast offers news and information for the people who make, store and move things and those who manage and maintain the facilities where that work gets done. Manufacturers from chemical producers to automakers to machine shops can listen for critical insights into the technologies, economic conditions and best practices that can influence how to best run facilities to reach operational excellence.

    Listen to another episode and subscribe on your favorite podcast app

    About the Author

    Scott Achelpohl

    Scott Achelpohl is the managing editor of Smart Industry. He has spent stints in business-to-business journalism covering U.S. trucking and transportation for FleetOwner, a sister website and magazine of SI’s at Endeavor Business Media, and branches of the U.S. military for Navy League of the United States. He's a graduate of the University of Kansas and the William Allen White School of Journalism with many years of media experience inside and outside B2B journalism.

    Continue Reading

    Sponsored Recommendations

    Enclosure Climate Control: Achieving the Ideal Temperature

    March 28, 2024
    There are several factors to consider when optimizing the climate inside your electrical enclosure. Download this white paper to learn more.

    Find the ideal enclosure cooling solution for your application

    March 28, 2024
    Use the Climate Control Quickfinder tool to find the ideal climate control solution for your application in just three easy steps.

    Smart Cooling Solutions: Reduce Your Energy Consumption with Advanced Technology from Rittal

    March 28, 2024
    Wall extension cooling units for external or internal mounting in doors and walls using standardized mounting cut-outs. Cooling output 0.3 – 5.8 kW. Also available in energy-efficient...

    Arc Flash Prevention: What You Need to Know

    March 28, 2024
    Download to learn: how an arc flash forms and common causes, safety recommendations to help prevent arc flash exposure (including the use of lockout tagout and energy isolating...