Cybersecurity: The SEC’s Wake-Up Call to Corporate Directors

In a commentary for D&O Diary, David Fontaine, CEO of Kroll, Inc., and John Reed Stark, former Chief of the SEC’s Office of Internet Enforcement, examine the SEC’s recent cybersecurity disclosure guidance for publicly traded companies, with a particular focus on what the agency’s statement has to say about the duties of corporate directors.

They note that the SEC’s views on the role of the board have evolved over the past few years, and that the new guidance shows the agency’s strong views regarding the board’s essential role in the emerging area of enterprise risk. When it comes to cybersecurity, directors are expected to dig in and demand greater visibility into the matter.

They provide further background, followed by more specific recommendations of board actions:

  • It starts with the CEO.
  • Reject the “check the box” approach to security compliance.
  • Assign clear board-level oversight responsibilities.
  • Boards must require periodic external assessments, testing, and reporting.
  • Don’t fall prey to a false sense of confidence.
  • It’s more than just prevention.
  • Take the time to understand what has gone before.
