TheCorporateCounsel.net

October 24, 2022

Recognizing Cybersecurity Awareness Month: A Look At Disclosure Practices

In case you did not know it, October is Cybersecurity Awareness Month. Since 2004, October has been not only about pumpkin spice lattes, but also about raising awareness of cybersecurity threats. It is also a great time to roll out some cybersecurity-themed blog content.

Recently, the EY Center for Board Matters released its publication “How cyber governance and disclosures are closing the gaps in 2022,” in which it analyzes the cybersecurity-related disclosures of Fortune 100 companies. The EY report notes that, while there has been a trend toward more disclosure of cyber management and oversight, “there appears to be a gap between disclosures around material cybersecurity incidents, including the depth of the disclosures, as compared with the number and scale of cyber incidents reported in the news media and third-party reports.”

Key observations from the report include:

– Growing risks and greater stakeholder demands are leading companies to carefully address what they disclose about governance and management of cybersecurity.

– The SEC prioritized cybersecurity and is expected to finalize rules in early 2023 that will require new cybersecurity disclosures from public companies.

– Fortune 100 companies continue to increase disclosures in certain categories of cybersecurity risk management and oversight.

The report also highlights ten leading practices in board cyber risk oversight for boards to consider.

– Dave Lynn