Companies Must Have Corporate Cybersecurity Experts, Sec Says
DARKReading, Wednesday, July 26,2023
Enterprises must now describe their management's expertise in cybersecurity. But what exactly does that entail?
The US Security and Exchange Commission (SEC) has held up a magnifying glass to an enterprise's cybersecurity expertise.
The original proposal from the SEC in March 2022 said that it wanted companies to publicly declare one cybersecurity expert on the board of directors and one within management. Today the SEC backed off the requirement for the board expert - although it still wants "registrants to describe the board of directors' oversight of risks from cybersecurity threats and management's role and expertise in assessing and managing material risks from cybersecurity threats."