In this new episode of Boardroom Resources, SEC Commissioner Robert Jackson recaps the key takeaways from his remarks on cybersecurity at the Society's Annual Conference last week, namely - the three things he believes boards should be thinking about as respects cybersecurity:
- Timely and accurate disclosure to investors upon the occurrence of a cyber event
- Insider trading policies that prevent insiders from trading around the time of a cyber event
- Internal controls (policies & procedures) that encompass reporting up procedures on cyber attacks so that leadership (management and the board) can take the necessary steps to protect the company
In the listen-worthy ~10 minute interview with Host TK Kerstetter, Commissioner Jackson encourages boards to take a close look at the SEC's recently updated cybersecurity guidance, which he indicates is very clear on what the SEC expects from corporate boards.
Also particularly noteworthy are Jackson's comments on board cyber expertise: "I want to urge companies to really think hard about whether they have the kinds of knowledge in the boardroom right now that they need to grapple with this issue. I am not saying that you have to hire a cyber expert. I'm not saying it is right for every board, but if I were on a corporate board these days, I would be out there looking for directors who could come in with some knowledge on that subject - just to help educate the board and prepare us if we ever end up in that situation."