With so much boardroom attention on cybersecurity, directors continue to focus on the Securities and Exchange Commission (SEC) guidance issued earlier this year and its implications. The guidance adds specific expectations for disclosure controls and incident response procedures, and reiterates prior guidance on disclosure of material cybersecurity risks and incidents.
Here are five steps for companies to consider in response to the SEC guidance.
1. Disclose the board’s role in managing cybersecurity risk
The SEC expects public company boards to sharpen their attention on the “increasingly important area” of cybersecurity risk, and expects to see evidence of that in companies’ … Read more