The SEC’s Cybersecurity Rule Didn’t Include Disclosure of Director Expertise. That Needs to Change

5 Pages

The research report by Zscaler highlights the inadequacy of cybersecurity expertise disclosure among S&P 500 companies, emphasizing the importance of clear communication to investors. Despite the SEC’s initial proposal to mandate such disclosures, the final rule omitted this requirement. The analysis found that while 82% of companies included a skills matrix in their proxy statements, only 17% listed cybersecurity as a standalone skill. Instead, cybersecurity was often bundled with other skills, leading to potential misinterpretation of a board's ability to oversee cybersecurity risks, thus posing a significant concern for investors.

Join for free to read

Guide The CFO’s role in Cyber Disclosure

White Paper THE SEC’S NEW MARKETING RULE: KEY TAKEAWAYS FOR ADVISERS

Ebook Director

White Paper Ensuring compliance with the National Bioengineered Food…

More from Zscaler

Report Board Committee Oversight of Cybersecurity

Report S&P 500 Proxy Statements: What Companies Disclose About Their…

White Paper Enhancing Cybersecurity In the EU: An In-Depth Look at the NIS2…

Ebook The Evolution of Network Security

Report

The SEC’s Cybersecurity Rule Didn’t Include Disclosure of Director Expertise. That Needs to Change

The SEC’s Cybersecurity Rule Didn’t Include Disclosure of Director Expertise. That Needs to Change

You Might Also Like

More from Zscaler