Good information security oversight should seek to reduce a company’s potential risk of harmful economic outcomes. As these mandates come into effect, businesses should consider not only how to comply with the new rules, but also how they can best demonstrate robust information security governance. Nearly all companies in the Russell 3000 provide disclosures that reveal at least a general approach to information security risk mitigation. The presence of information security risk insurance is another indicator that a company has a program to protect itself from cybersecurity risks. Proactive boards that hold regular communications with their Chief Information Security Officer and other executives with responsibility will find themselves in a better position to provide effective information security oversight.

Source: Wall Street Journal November 06, 2023 14:40 UTC