posts
The SEC Fired the Starting Gun — Most Boards Still Haven't Moved In late 2023, the SEC's new cybersecurity disclosure rules forced publicly traded companies to report material cyber incidents within four business days. Suddenly, board directors who had spent decades delegating "the tech stuff"
When Colonial Pipeline's CEO Joseph Blount testified before the Senate in June 2021, he admitted the company paid $4.4 million in ransom after a single compromised password shut down the largest fuel pipeline in the United States. No multi-factor authentication. No segmentation between IT and operational technology.
The SEC Just Made Ignorance Expensive In July 2023, the SEC finalized rules requiring public companies to disclose material cybersecurity incidents within four business days — and to describe their board's oversight of cyber risk annually. That single regulatory move turned board-level cybersecurity awareness from a nice-to-have into a
