The proposed rules, which were distributed on March 9, 2022, set forth in Release No. 33-11038 (the Rule Proposal), would require current reporting on Form 8-K of material cybersecurity incidents, as well as periodic disclosures about a company’s policies and procedures to identify and manage cybersecurity risks, management’s role in implementing such policies and procedures, and the board’s expertise along with its role in providing oversight of cybersecurity risks.
The Top Cybersecurity Principles Every Board Member Must Know
Cyberattacks are the terrorism of today, hitting societies, commercial companies, and even individual citizens with data theft, money theft, ransomware, disruption of operations, public shaming, and loss of trust. The list of potential damage is long, and perpetrators are hiding in the dark web in jurisdictions outside of our control. The question is not whether you will be breached, but when or if it already happened without your knowledge. When a company’s digital assets are compromised, what would have cost one dollar of prevention will cost up to a thousand dollars of damage control.