
Richard "Dick" Brooks

Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties

  1. Executive bonuses have a return policy if regulatory filings are misstated. In 2022 the SEC passed a new rule that requires executives and board members to return bonuses if errors are found in their companies' financial disclosures within three years of filing, even if they are not responsible for them. Public companies without mature cybersecurity programs will need to prioritize investment in cyber risk quantification or risk losing their compensation.

What To Do About It: Invest in cybersecurity. More CISOs than ever now report to CEOs, and we expect that number to increase now that personal money is on the line. Poor cybersecurity practices or failure to disclose pertinent cybersecurity information now come with the risk of a compensation clawback, which should make building cybersecurity business cases to justify investments quite a bit easier.