“Across America companies are desperately seeking direction as they grapple to identify and follow best practices for cyberrisk management. … Yes, new rules and regulations can help push companies toward cyberresiliency. Yes, improved technological defenses will help mitigate the cyberthreat. But these are tactical responses to a strategic problem. We need to think bigger. Cybercrime is an enterprise-level risk that will require an interdisciplinary approach, significant investments of time and talent by senior leadership and board-level attention. In short: the cyberthreat is a corporate governance issue.”

Interpretive Guidance on Public Company Cybersecurity Disclosures 2011 Disclosure Guidance: Topic No. 2

  • Re-evaluate the process that the company's board of directors uses to discharge its responsibility for cybersecurity risk oversight;
  • Review the company's policies and procedures related to disclosure controls and procedures, insider trading and selective disclosures; and
  • Consider whether the company's cybersecurity risk factor and other disclosures need to be refreshed.

Board's Responsibility

  • Effective Disclosure Controls and Procedures.
  • Application of Insider Trading Prohibition to Cybersecurity Risks and Incidents.
  • Selective Disclosures about Cybersecurity Risks and Incidents.
  • Prior Cybersecurity Disclosures and Materiality Determinations.

Yelena Barychev is a partner at Blank Rome. She advises companies and nonprofit institutions on M&A and securities law issues, including corporate governance, risk management, and cybersecurity matters. Yelena writes and speaks on corporate governance and cybersecurity issues.