Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.
Several recent data privacy and security-related incidents continue to illustrate the financial, legal and reputational consequences associated with cybersecurity risk. Companies — both private and public — are beginning to shift cybersecurity and privacy risk management from the IT department to the boardroom. The Security and Exchange Commission’s Commissioner Luis Aguilar encouraged this shift in remarks before the New York Stock Exchange in June 2014, when he called on boards of directors to take a more active and informed approach to managing cyber risk. Multiple forms of guidance — ranging from proposed Office of the Comptroller of the Currency regulations in January to National Institute of Standards and Technology’s voluntary Cybersecurity Framework developed pursuant to President Obama’s Executive Order 13636 – are advocating stricter oversight and management of cybersecurity risk.