- Executive bonuses have a return policy if regulatory filings are misstated. In 2022 passed a new rule that requires executives and board members to return bonuses if errors are found in their companies’ financial disclosures within three years of filing, even if they are not responsible for them. Public companies without mature cybersecurity programs will need to prioritize cyber risk quantification investment or risk losing their compensation.
What To Do About It: Invest in cybersecurity. More CISOs than ever now report CEOs. We expect the number to increase now that personal money is on the line. Poor cybersecurity practices or failure to disclose pertinent cybersecurity information now comes with the risks of a compensation claw back which should make building cybersecurity business cases to justify investments quite a bit easier.