New interpretive guidance from the Securities and Exchange Commission (SEC) in February 2018 makes it clear that staff there will be paying increased attention to cybersecurity risks and how well publicly traded companies are disclosing them.

Concern among investors, customers, and regulators about data protection and infrastructure safety continues to grow. A robust cybersecurity program where responsibility starts at the top with a company’s board is a key indicator of how US companies are managing the risk that a cyberattack poses.

The SEC commissioners themselves have also signaled their view on cybersecurity when SEC Commissioner Robert Jackson Jr. said earlier this year that, “Cybersecurity is the most important corporate governance issue we face. There is no greater threat to businesses than cyber-attacks.”

With corporate governace data from the CompanyIQ^® SEC EDGAR database, this report looks at how corporate boards are managing cybersecurity governance and risk.