Harvard Business Review September 8, 2021
Summary.
The SEC has signaled that it has started taking cyber vulnerabilities much more seriously than it has in the past. Two recent fines signal that the agency views lax cybersecurity as an existential threat to businesses and is willing to penalize companies that fall short. This, of course, is reasonable: Cyber threats pose as significant a danger to businesses (and their shareholders) as supply-chain vulnerabilities or natural disasters. To make sure they’re compliant, companies should: 1) create a disclosure committee composed of director- and senior-director-level employees, 2) be sure to disclose cybersecurity risks, incidents, and their business impacts in a timely manner, 3) build more visibility into their processes to better understand their weaknesses, 4) conduct...