The SEC is going to begin implementing changes to cybersecurity regulations which will require boards of public companies to disclose further information about their cybersecurity policies, procedures and action plans. This article is an indicator of what the next 1-2 years of cybersecurity in Australia will look like for boards, and of how boards should be actioning the current cyber environment. This publication includes information shared from this Harvard Business Review article by Dr. Keri Pearlson and Chris Hetner.
THIS ARTICLE’S KEY TAKEAWAYS:
- Public boards will have to disclose their cybersecurity action plans in the near future
- Boards need to redefine what cybersecurity means to them, with a focus on resiliency to bounce back quickly from cyber threats and attacks
- Boards should look to improve the cybersecurity expertise in the boardroom by communicating clearly in terms that all board members understand, focusing on resiliency when a threat occurs and building wider cyber bridges between cybersecurity executives and board members
New SEC Regulations Will Change the Board’s Role
The SEC will soon require companies to disclose their cybersecurity governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cybersecurity policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:
- Whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,
- The processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,
- Whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.
Board Member Cybersecurity Attitude Adjustment
We need to redefine what cybersecurity means. As it’s not possible to be 100% protected from every attack, the most rational approach is to make sure the organisation can recover with little or no damage to operations, to the financial bottom line, and to the organisation’s reputation. Building resiliency in an organisation requires proper oversight from the boardroom based on a clear plan built on business and economic analysis.
Increase Cybersecurity Expertise in your Boardroom
Here are some actionable insights to begin today so your board meets (or exceeds) the new SEC guidelines, and provides the right level of oversight to cybersecurity plans:
- Develop a common language for discussing the complex issues of cyber risk and resilience.
- Keep cyber resiliency on the board’s agenda and in discussions with management.
- Build wider bridges between cybersecurity executives and board members.
About Greenfields Recruitment & Search
GREENFIELDS RECRUITMENT & SEARCH is a specialist In-House Legal Counsel, Company Secretary and Corporate Governance Executive Search & Recruitment firm. We connect company secretary leaders with organisations who require company secretary services. We partner with a diverse range of clients, from ASX listed organisations, non-listed organisations, multinationals, boutiques and not-for-profits across all industry sectors.