SEC Commissioner Robert Jackson Jr. is not the first person to describe America’s battle with cyber crime as a war. Whether the threat entails independent bad actors stealing consumer data or state-sponsored theft of company IP or trade secrets, today’s board members have the duty to oversee one of the biggest risks that U.S. businesses have ever faced.
This is a war. American companies are under attack 24 hours a day, 365 days a year. My worry is that we are asking them to defend themselves against this overwhelming and increasingly dangerous [threat]…We know what happens when companies are breached. What happens is millions of Americans’ data is lost or stolen or used against them in a way that we just can’t accept as a nation….My view is that American companies really are on the front lines of a battle to protect Americans’ information, and we need to give boards of directors the tools they need to win that war.
Following his address at the Society of Corporate Governance Annual Conference, Commissioner Jackson reviews various aspects of the SEC’s cybersecurity guidance issued in February 2018. In this episode, Host TK Kerstetter and Jackson also discuss implications for board composition and committee structures in light of recent cyber events. Among the questions discussed:
- What three things does Commissioner Jackson say should be top-of-mind for boards as they oversee cyber risk?
- How should boards be assessing their cyber risk reporting system?
- Is it time to move cyber risk oversight out of the audit committee?
- Should boards be recruiting cybersecurity expertise?