Information security is a now a board-level topic. The Securities and Exchange Commission made that point in February when it released guidance on how public companies should prepare to disclose breaches and other security incidents. Companies are expected to share information in quarterly and annual financial reports on how they’re managing cyber risks. In addition to details on how companies are gauging the severeness of security gaps and incidents, companies need to disclose how senior leaders and the board communicate about cybersecurity.
Article Link: https://www.cybereason.com/blog/ciso-board-business-sec-cybersecurity