Is Your Board Cyber-Ready? Leadership Steps to Support Corporate Cybersecurity
Thursday, October 12, 2023
Corporate Cybersecurity Leadership Steps
Print Mail Download i

The growing concern around cyberthreats for companies across the nation is reflected in the increasingly crowded legislative landscape that provides guidance to organizations, employers, employees, consumers, and investors. As part of that landscape, enterprises — both public and private — operate under an unprecedented level of scrutiny. Last month, new SEC requirements went into effect for public enterprises. Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rule”). The Rule not only requires public enterprises to report cyber breaches within only four days, but it also requires annual disclosure of material information regarding cybersecurity risk management, strategy, and governance and other periodic disclosures about the enterprise’s processes for assessing, identifying, and managing material cybersecurity risks, management’s role in assessing and managing material cybersecurity risks, and the board of directors’ oversight of cybersecurity risks.

This Rule adds yet another layer to the complicated issues of managing cybersecurity risks, but strong corporate governance equips companies to address them efficiently and accurately. The best practices for public companies that must comply with the SEC’s Rule also guide advice for private entities for managing cybersecurity risks. Key components of the SEC’s Rule shine a light on action items for preventing, navigating, and responding to cyberthreats through strong board governance and engagement, including:

  1. Identify cybersecurity risks as a required disclosure to the organization’s Board;
  2. Ensure the Board understands that it is responsible for oversight of the organization’s cyber security program;
  3. Provide the Board with “decision-useful” information relative to cyber risks;
  4. Train leadership on the necessity of reporting actual and potential cybersecurity incidents and risks to the Organization’s Board;
  5. Create a cybersecurity breach response plan enforced by the Board;
  6. Perform stress tests of the cybersecurity breach plan, with Board participation; and
  7. Leadership and the Board should engage with the Organization’s IT/ Data Governance Teams to ensure best practices are being followed, including ensuring employees are trained on cybersecurity risks.
Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

District Court Strikes Portions of Inglewood’s Healthcare Worker Minimum Wage Ordinance
by: Jonathan A. Siegel , Allen F. Acosta
Reminder: San Francisco Employer Annual Reporting Form Due May 3
by: Harold R. Jones , Julia A. Olivier
Addressing Multinational Labor and Employment Law Issues Through an International Alliance [Podcast]
by: John L. Sander
Nuanced Privacy Laws Means Healthcare Organizations Should Prioritize Protecting Personal Information
by: Michael R. Bertoncini
Reports Confirm Need for Employers to Foster Inclusive Work Environment for Black, LGBTQIA+ Youth
by: Teresa Burke Wright
U.S. Supreme Court: Alleging Discriminatory Transfer Is Sufficient Harm to Bring Title VII Claim
by: Stephanie L. Adler-Paindiris , Michael R. Hatcher
New York State Budget Includes Enhanced Employer Obligations
by: Richard Greenberg , Tania J. Mistretta
SDNY Denies Leave to Amend ERISA Complaint with “Substantively the Same Defects” as Dismissed Complaint
by: Alex E. Hotard , Phillip C. Thompson
Should We Submit Missing Participant Data to the DOL with the Plan’s Form 5500?
by: Suzanne G. Odom
USCIS Updates Form N-400 Application for Naturalization
by: Michael H. Neifach , Porter S. Young

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins