Big cybersecurity news came out of the Securities and Exchange Commission (SEC) this month, and it directly affects board members and executives. The SEC adopted a set of rules that will change the way companies handle material cybersecurity incidents and their responsibilities for guidance and managing risks. These rules are all about enhancing transparency and accountability as it relates to cybersecurity attacks that may create a material risk to the company, customers, and ultimately shareholders.
Immediate Cybersecurity Incident Disclosure
Companies will have to reveal any major cybersecurity incidents they experience within four business days, although there’s an exception if the U.S. Attorney General deems immediate disclosure a risk to national security or public safety.
Annual Insight into Cybersecurity Strategies
Each year, companies will have to give investors a peek behind the curtain at their cybersecurity risk management, strategies, and governance through their 10-K report. This also includes an inside look at how the board of directors and management are tackling cybersecurity threats.
What the SEC Chair Had to Say
Gary Gensler, SEC Chair, compared…
