The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s (SEC) newly approved cybersecurity incident disclosure rule. The 186-page final rule intends to make more information about material cybersecurity incidents available to investors—and quicker.
Preparing for the rule is a chance for boards to elevate their understanding of cyber threat prevention and response, privacy rights, and artificial intelligence, which is crucial given the demands globally for greater board accountability. Boards can begin by asking themselves questions such as how they are made aware of their company’s cybersecurity policies and practices and their fiduciary aspects.
The goal is to build strong cyber risk programs with collaboration, context, and communication.