posts
The SEC Fired the Starting Gun — Most Boards Still Haven't Moved In late 2023, the SEC's new cybersecurity disclosure rules forced publicly traded companies to report material cyber incidents within four business days. Suddenly, board directors who had spent decades delegating "the tech stuff"
The $350 Million Oversight Nobody Saw Coming When Verizon acquired Yahoo in 2017, two previously undisclosed breaches affecting all 3 billion Yahoo accounts forced a $350 million price reduction. That's what happens when cybersecurity due diligence fails at the highest level. The breaches had already happened. The data
The SEC Made It Official — Your Board Can't Plead Ignorance Anymore In July 2023, the SEC finalized rules requiring publicly traded companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. That wasn't a
The SolarWinds Wake-Up Call for Every Boardroom When the SolarWinds breach came to light in December 2020, it didn't just compromise 18,000 organizations including multiple U.S. federal agencies. It put a spotlight on something security professionals have been shouting about for years: boards of directors are
The SEC Just Made Ignorance Expensive In July 2023, the SEC finalized rules requiring public companies to disclose material cybersecurity incidents within four business days — and to describe their board's oversight of cyber risk annually. That single regulatory move turned board-level cybersecurity awareness from a nice-to-have into a
