NACD RESPONDS TO SEC RULE PROPOSAL ON PUBLIC COMPANY CYBERSECURITY, RISK MANAGEMENT, STRATEGY, GOVERNANCE, AND INCIDENT DISCLOSURE
Recommendations Emphasize Aligning Proposed Rules with Best Practices and Delineating Between Board and Management's Roles
WASHINGTON, May 12, 2022 /PRNewswire/ -- The National Association of Corporate Directors (NACD), the authority on boardroom practices representing more than 23,000 board members, this week submitted comments to the US Securities and Exchange Commission (SEC) on its proposed amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.
Agreeing with the intent of the proposed rules, NACD emphasized its support for consistent disclosure of information related to four key areas: cybersecurity incident response and reporting; cybersecurity risk management policies and procedures; the role of management in cybersecurity; and board cybersecurity expertise and oversight.
NACD emphasized the following main points about the board's role in its comments:
- The cybersecurity-specific roles of the board and management are distinct.
  - Management must control and mitigate risk, and drill deeply into breaches.
- NACD believes cybersecurity oversight must be the shared responsibility of the whole board, not the responsibility of one director with cybersecurity expertise.
"Continuous director education in cyber-risk oversight is critical for what the SEC is asking boards to do, and for directors to fulfill their obligations as effective stewards of their organizations," said Peter R. Gleason, president and CEO of NACD. "We are in agreement with the SEC that long-standing efforts to ensure board members have the necessary resources to provide meaningful oversight of cyber programs are essential."
NACD has demonstrated a deep commitment to promoting continuous director education and to helping board members keep pace with an ever-changing threat landscape. Today, more than 700 directors hold the NACD CERT Certificate in Cyber-Risk Oversight, which has long been recognized as the premier cyber credential for board members.
In the filing, NACD asserted and clarified the following:
- NACD supports a collaborative approach that clearly outlines distinct cybersecurity-specific roles for the board and organizational management functions.
Click here to read the full comments submitted by NACD, including positions on other portions of the SEC's proposal.
SOURCE National Association of Corporate Directors