SEC cyber attack regulations prompt 10 questions for CISOs

New SEC regulations requiring public companies to disclose cyber attacks highlight the need for business leaders to understand cybersecurity. To meet these requirements for transparency, company boards should ask their CISO about the organisation’s risk profile, security measures, response plans, metrics, asset protection, threat awareness, third-party risk and employee training, budget allocation, and communication plans in the event of a breach.