A new ruling from the U.S. Securities and Exchange Commission (SEC), known as the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, went into effect last fall. The ruling requires public companies to disclose whether their boards of directors have members with cybersecurity expertise. Specifically, registrants are required to disclose whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks; the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic;…
