‍As digital threats grow more sophisticated and cyber regulations expand in scope, business stakeholders are beginning to recognize the need to learn more about cybersecurity and how it impacts organizational performance. With this recognition comes the elevation of chief information security officers (CISOs) into the boardroom, tasked with explaining these cyber intricacies and offering strategies that can help safeguard operational resilience and drive long-term growth.

A little over a year ago, the US SEC’s rules on cybersecurity incident disclosures were enacted, mandating that all publicly traded companies report material cyber events within four days after they had been determined as such unless exempted for national security or safety reasons. The rationale behind these rulings was that they would provide investors and relevant stakeholders with the information necessary to make more informed decisions, thereby leading to more realistically priced options.