The SEC is proposing to force boards to do what they haven’t done themselves, govern cyber risk. This article makes some excellent points and I believe it is logical to expect that this could be the next evolution for where cyber risk governance is going.
“The trigger for the boards that I’m on came from an unexpected place. It wasn’t the board that was the catalyst for governance reform. It was the management teams coming to the conclusion that they had to get a grip on cyber risk as a risk that was never going to go away. And then it all came together when boards realized their part in the cybersecurity system and the need to more effectively exercise their responsibilities. We sort of woke up together as a result of some of the rising awareness and education on cyber risk we were experiencing. While the natural boardroom instinct to worry about some of these issues was there, it now helps enormously to have directors in the boardroom who have been operators in cybersecurity.”