The U.S. Securities and Exchange Commission (SEC) is expected to introduce a rule requiring public companies to demonstrate cybersecurity expertise at the board level. This comes as a response to the increasing number of cyberattacks and the need for more robust cybersecurity measures. The proposed rule, which is expected to be published soon, will likely require companies to disclose their level of cybersecurity expertise at the board level. However, a recent study found that up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise.
The rule raises questions about how best to achieve board-level cybersecurity expertise. One solution could be to promote the existing Chief Information Security Officer (CISO) to the board. However, this would require transitioning an operational executive into a strategic business advisory role. Another solution could be to recruit existing board-ready, cybersecurity-savvy outsiders.
Regardless of the approach taken, the rule underscores the importance of increasing board-level understanding of cybersecurity. This could be achieved through a combination of adding someone with good cybersecurity knowledge to the board, improving the general level of cyber awareness, and holding periodic tabletop exercises to demonstrate the effect of cybersecurity incidents. The precise wording of the SEC rule will be revealed upon its publication.
Source: SecurityWeek
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.