News & Media

Security Management: How to Prepare for Heightened Board Involvement in Cybersecurity

Date published:

Dec 18, 2023

No items found.
SHARE ON
SHARE ON

Security Management

December 18, 2023

The Security Management article by Claire Meyer discusses the U.S. Securities and Exchange Commission’s (SEC) new requirement for companies to disclose material cybersecurity incidents within four business days—or risk fines or other punitive actions. Meyer explains that the SEC rule was being enacted because so many cyberattacks and incidents have deep, material ramifications on the value of the affected entity, which could directly change shareholder value. Not adequately disclosing this information in a timely manner could skew shareholders’ decisions to invest in a company.

VikingCloud global security architect, Fayyaz Makhani, is interviewed and quoted extensively in the article to explain the latest evolution in cybersecurity regulation and what it means for boards, cybersecurity professionals, and the industry at large.

For example, Makhani provides expert insight on the actions boards can take to provide effective cybersecurity governance. He advises that organizations:

  • “Add cybersecurity expertise to the board. Just as boardshave financial, legal, and economic expertise, you want someone who understandsthe risk involved and can provide strategic oversight.
  • Board members can connect with CISOs to become moreknowledgeable on cybersecurity topics so they can ask informed questions.
  • Board members can take part in incident response simulationexercises, which provide valuable insights into preparedness and theorganization’s capability to respond and recover.”

Makhani concludes that, “There are several boards now that include cybersecurity reporting as a regular part of the meeting agenda. This is a great starting point for the boards to get into a regularized, routine, and up-to-date view of cybersecurity risks.”

For more detail on how the changing role and responsibilities of corporate boards to pre-empt – and respond to cyberattacks – and the expansion of oversight from beyond the Chief Information Security Officer (CISO) – read the full article at asisonline.org.

SHARE ON