  • Cybersecurity expert Joseph Steinberg argues that companies must get cybersecurity right, pointing to the SEC’s new cybersecurity disclosure rules and the SEC’s recent fraud charges against SolarWinds and its CISO.
  • Companies that fail to manage their cyber risks adequately, and the executives who oversee those risks, face regulatory and civil actions, criminal charges, and reputational damage.

Cybersecurity expert Joseph Steinberg emphasizes that companies must make sure their cybersecurity programs are up to par, especially in light of two recent developments: the SEC’s new cybersecurity disclosure rules and the SEC’s charges against SolarWinds and its chief information security officer (CISO) over the company’s statements about its security posture.

Steinberg points out that the consequences of a breach now go beyond financial and reputational damage: the individuals responsible for overseeing cybersecurity may personally face legal action. The SolarWinds case is a civil enforcement action against a CISO, and the criminal conviction of Uber’s former chief security officer (CSO) for concealing a 2016 data breach from regulators shows that criminal charges, and with them the prospect of prison time, are possible as well. Both serve as warnings to business leaders.

The SEC’s new disclosure rules put responsibility for managing cyber risk squarely on company leaders and emphasize transparency and accountability. Public companies must now disclose material cybersecurity incidents within four business days of determining that an incident is material, and must describe annually how they assess, identify, and manage cyber risks, what impact incidents have had or could have, and how management and the board oversee those risks, so that investors and the public can judge how well a company handles cyber threats.

Because the rules require companies to describe how their boards oversee cyber risk, boards need members with enough cybersecurity expertise to perform that oversight effectively. The number of S&P 500 directors with cybersecurity experience is growing, but the overall level of expertise remains low, which is a serious problem for boards that will be scrutinized after a security failure.

Steinberg stresses the need to strike the right balance between running cybersecurity operations and overseeing them. Board members should empower the CISO and the security team to handle day-to-day work while holding them accountable for providing adequate protection against cyber risks. Boards need to understand their own role in cybersecurity, but they should not micromanage or interfere with the CISO’s duties.

In conclusion, companies whose boards lack cybersecurity expertise should act promptly, because a cyber incident can endanger a company as seriously as a financial or legal crisis. Board members who understand information security management are essential to navigating a constantly changing threat landscape and the regulatory scrutiny that now accompanies it.

