By Anders Askåsen, Product Marketing Director at Omada
The U.S. regulatory landscape for cybersecurity continues to evolve, with new rules and amendments introducing more stringent disclosure and governance requirements. In July 2023, the Securities and Exchange Commission (SEC) finalized its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule, requiring publicly traded companies to report material cybersecurity incidents within four business days of determination and to provide enhanced annual disclosures after December 15, 2024. These annual disclosures typically involve integrating cybersecurity-related information into annual filings (such as Form 10-K) submitted to the SEC, making cybersecurity posture and risk management activities part of a company’s official financial and operational reporting. At the same time, amendments to New York’s 23 NYCRR 500 cybersecurity regulation, finalized in 2023 and effective on January 1, 2024, mandate stricter governance measures, annual certifications, and tighter incident reporting timelines for financial institutions. Together, these developments underscore the growing emphasis on proactive cybersecurity oversight and highlight a narrow window for organizations to ensure compliance, mitigate potential penalties, and maintain stakeholder trust.
In Europe, a similar shift is taking place. The Digital Operational Resilience Act (DORA) will be effective from January 17, 2025, impacting financial institutions and ICT service providers operating in or serving the European Union. DORA introduces strict incident reporting requirements, mandating that financial entities notify authorities of significant operational disruptions and cyber incidents. This includes notifying relevant authorities within 24 hours of detection, a shorter timeline than the SEC’s four-business-day rule. Organizations subject to DORA must also maintain detailed incident reports that outline root causes, remediation measures, and long-term improvements to operational resilience.
Both the SEC and the EU via DORA highlight a growing global demand for cybersecurity transparency. Under the new SEC rule, companies must disclose material breaches within four business days of determining a breach has occurred. Under DORA, financial institutions face an even tighter timeline, as significant incidents must be reported within 24 hours. These reporting obligations are designed to enhance market transparency and accountability, but they place substantial pressure on organizations to have systems in place for rapid detection, assessment, and reporting of breaches.
To meet these demands, organizations must have robust processes and technologies capable of continuously monitoring access rights, tracking user activity, and providing audit-ready records. Without the right Identity Governance and Administration (IGA) tools, many companies struggle to meet disclosure deadlines, risking fines, reputational damage, and loss of stakeholder trust.
Mature organizations closely align their security programs with the requirements of governing bodies. They embed cybersecurity into their culture, ensuring that risks and controls are integrated into processes and reported on extensively to maintain ongoing effectiveness. When a company’s IGA and cybersecurity practices are mature, meeting new breach disclosure requirements is straightforward and minimally disruptive. However, organizations that are less mature face challenges that can lead to costly and time-consuming efforts to achieve compliance.
As the frequency and cost of security breaches continue to rise, organizations must demonstrate transparency and accountability to their stakeholders. The implementation of a modern IGA solution is a critical step to ensuring your organization can comply with both industry regulations and internal cybersecurity strategies. IGA solutions help reduce risk by securing identities, automating access, and providing enhanced visibility into who has access to what—key elements of building a cybersecurity posture that stands up to both internal and external scrutiny.
Insider threats remain a major compliance challenge, with attackers often bypassing technical defenses by using stolen credentials. Research from Securonix shows a 28% increase in insider-driven data exposure, loss, and theft incidents between 2023 and 2024, while Google Cloud’s 2023 Threat Horizons Report found that 86% of breaches involve stolen credentials. Often, hackers don’t need to breach IT infrastructures; they simply log in using stolen credentials. Once inside, they can steal or manipulate data, which makes it harder for the organization to meet the strict breach disclosure requirements.
One of the most powerful benefits of a modern IGA solution is its ability to automatically lock out compromised identities. When there is suspicion that a user’s identity has been compromised, IGA solutions can swiftly block access to prevent further malicious activity. This is critical in managing the severity of an incident and ensuring that breaches are contained quickly, thereby reducing the potential impact on your organization’s compliance and disclosure obligations.
Modern IGA solutions help automate breach response, allowing teams to focus on high-value activities while ensuring compliance with the most stringent regulatory standards.
Omada Identity Cloud offers comprehensive governance, audit, and risk management features, giving your organization the tools needed to stay ahead of compliance requirements. With automated, intelligent controls for enforcing rules, policies, and access rights, Omada ensures full oversight of your organization’s identity governance.
Omada’s standardized implementation approach, coupled with our expert knowledge transfer process, means you can deploy the solution in as little as 12 weeks, ensuring that your organization is ready to meet both new and existing compliance requirements in the shortest time possible.
If you want to ensure your organization is prepared to comply with new breach disclosure requirements—and to strengthen your cybersecurity posture in the process—Omada’s Identity Cloud solution is the answer. Take the first step toward meeting evolving compliance challenges while securing your organization from future threats. See for yourself how Omada can support your success.