Boards are now paying attention to the need to participate in cybersecurity oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.
Is Your Board Prepared for New Cybersecurity Regulations?
A proposed SEC rule would require companies to disclose their cybersecurity governance capabilities.
November 11, 2022
Summary.
A proposed SEC rule will require companies to disclose their cybersecurity governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the company’s cybersecurity policies, procedures, and strategies. Meeting the new regulatory requirements can be better achieved by aligning how operational leaders discuss cybersecurity with their boards. Operational managers must start presenting their plans in a way that align with the way boards best contribute — the language of risk, resiliency, and reputation.