Senior Cyber Risk Advisor Serving the 24,000 Member Boardroom Community | Former Senior Cybersecurity Advisory to the SEC Chair | Former US Treasury Senior Cyber Advisor & G-7 Cyber Expert | Board Director | CISO | AI
10,081 followers
SEC Cybersecurity 8-K Alert As the former Senior Cybersecurity Advisor to the U.S. Securities and Exchange Commission Chair it appears the 8-Ks issued so far are non compliant. What’s missing is how these cyber events have or will introduce material business, operational and financial harm. I suspect most companies have not figured this out. This is reflective of a disconnect amongst the technology, cybersecurity, business and enterprise risk management functions….. including the Boardroom!!!! Below is a list of business focused risk factors: • Costs due to business interruption, decreases in production and delays in product launches. • Payments to meet ransom and other extortion demands. • Remediation costs, such as liability for stolen assets or information, repairs of system damage and incentives to customers or business partners in an effort to maintain relationships after an attack. • Increased cybersecurity protection costs, which may include increased insurance premiums and the costs of making organizational changes, deploying additional personnel and protection technologies, training employees and engaging third-party experts and consultants. • Lost revenues resulting from intellectual property theft and the unauthorized use of proprietary information or the failure to retain or attract customers following an attack. • Litigation and legal risks, including regulatory actions by state and federal governmental authorities and non-U.S. authorities. • Harm to employees and customers, violation of privacy laws and reputational damage that adversely affects customer or investor confidence. • Damage to the company’s competitiveness, stock price and long-term shareholder value. Cyber risk management is a team sport that requires the entirety of the enterprise to ensure business resilience. What is required is a more inclusive message and collaboration that includes all enterprise risk management leaders. NACD (National Association of Corporate Directors) Khwaja Shaik X-Analytics (SSIC) John Frazzini CrowdStrike Dominique Shelton Leipzig Andrew Hoog John Carlin Erez Liebermann David Curran Avi Gesser Jamil Farshchi Jim Routh Robert Wilkinson Edward Amoroso Charles Blauner Sean Lyngaas Kim Nash The Wall Street Journal Anne-Marie Kelley Nasdaq Jay Leek Brian Peretti Jared Nussbaum Adam Cottini Thomas Etheridge Daniel Bernard Vanessa Mesics George Kurtz Shawn Henry CNBC Rocco Grillo Katherine Kuehn Bob Ackerman Jim Cramer Kevin Mandia Jen Easterly Learn more how the NACD (National Association of Corporate Directors) boardroom community is tackling this issue powered by X-Analytics (SSIC) https://lnkd.in/esrRhxJQ