This bipartisan, blue-ribbon commission, which is composed of top officials from across the US government and private sector, was established to create a comprehensive top-level framework for cyber security and better prepare both the public and private sector to deal with cyber threats.
The composition of this Commission—with representatives from the Senate and Congress, both major political parties, the FBI Director, the Deputy Defense Secretary, the deputy director of national intelligence and the deputy secretary of Homeland Security, in addition to senior private sector representatives—demonstrates the seriousness with which this matter is being approached.
One key recommendation is to define and establish new cybersecurity certification requirements for companies. In Cyberhedge’s view, quantified and uniform disclosures around cyber governance are a necessary step for all stakeholders to better understand how effectively—or ineffectively—companies are managing technology risks. This is essential information not only for regulators and law enforcement to know for defense and security purposes, but it is equally important for C-Suites, BoDs and investors to have more visibility into how this macro business risk is being managed.
Greater transparency on how well or poorly technology risks are managed will do more than just tick boxes at the board level. It will help company leadership, stockholders and bondholders avoid significant market losses. While national security actors are understandably focused on crime, security and systemic threats posed by cyber, investors and financial regulators need to be equally focused on this issue as a financial risk, because the rapid digitalization of companies and the economy means that the most valuable asset of companies across nearly every sector is digital technology.
A standard set of disclosures that companies are required to provide is consistent with what is already required for all other macro business risks. It is also a necessary first step towards giving investors better visibility into companies’ risk management practices and ability to avoid potential downside financial impacts stemming from poor cyber governance.