Directors Beware: How the SEC Cybersecurity Regulations Are Reshaping and Re-Risking Corporate Governance

August 7, 2023

By Daniel Garrie, Jennifer Deutsch and John D’Agostino

SEC Cybersecurity Regulations

Corporate cybersecurity has become a non-negotiable priority, in part due to the recent rules promulgated by the Securities and Exchange Commission (SEC).[1] These rules require timely and full disclosure of material cybersecurity incidents and periodic disclosure of a company’s cybersecurity risk management, strategy, and governance in annual reports.[2] The rules represent a profound shift in how businesses are mandated to manage their cybersecurity risks and are a testament to the growing recognition of cybersecurity as a, if not the, significant risk companies face.

Historically, companies have underestimated the magnitude of cybersecurity risks. It’s not just ‘another risk variable’; it’s an extinction-level event that can have profound implications for operations, reputation, and the bottom line. The SEC, recognizing the gravity of this risk, has taken steps to ensure that companies are not just aware of their cybersecurity risks but are taking, and disclosing, the substantive steps to manage them.


