NACD Responds to SEC Rule Proposal on Public Company Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure

Continuing the series on Cybersecurity concepts for BoD members and C-Level executives, the article linked below is worth a look.

NACD emphasized the following main points about the board’s role in its comments:

  • The cybersecurity-specific roles of the board and management are distinct.
    1. Management must control and mitigate risk, and drill deeply into breaches.
    2. The board’s role is to make sure that cybersecurity is well managed and that the risk is well controlled.
  • NACD believes cybersecurity oversight must be the shared responsibility of the whole board, not the responsibility of one director with cybersecurity expertise.