Nasdaq Center for Board Excellence
October 2024
In 2023, the U.S. Securities and Exchange Commission (SEC) adopted a new disclosure rule related to cybersecurity: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. It is unfortunately clear that cybercrime is here for the long term. The substance and integrity of disclosure on this matter can directly or indirectly impact corporate reputation, access to capital, and stakeholder engagement. The risk of noncompliance is high. Amid this complex and rapidly shifting environment, how can the board provide effective cybersecurity oversight? In this practical guide, the Nasdaq Center for Board Excellence provides information for boards to navigate disclosure conundrums and ensure their organizations have the right cybersecurity strategy in place.
Many countries have enacted legislation to protect data and privacy, including cybersecurity disclosure requirements:
137 out of 194 countries: Have legislation to protect data and privacy. Africa and Asia show different level of adoption with 61% and 57% of countries having adopted such legislations.
India: Requires a six-hour reporting window for cyber incidents, including data breaches, ransomware attacks, identity theft, and large-scale malicious activity
France, Italy, the Netherlands, and the United Kingdom: Have taken steps to implement the NIS Directive
Read the guide here: