Cyberspace Solarium Commission report recommendations could have implications for corporate cyber risk disclosure

Summary

Zurich Insurance outlined how companies can defend against ransomware at a time when cyber vulnerabilities have increased amidst the COVID‑19-induced shift to remote work. The approach leverages the NIST framework, widely seen as the global standard for improving cyber defense.

Report

Analysis

The composition of this Commission—with representatives from the Senate and Congress, both major political parties, the FBI Director, the Deputy Defense Secretary, the deputy director of national intelligence and the deputy secretary of Homeland Security, in addition to senior private sector representatives—demonstrates the seriousness with which this matter is being approached.

One key recommendation is to define and establish new cybersecurity certification requirements for companies. In Cyberhedge’s view, quantified and uniform disclosures around cyber governance are a necessary step for all stakeholders to better understand how effectively—or ineffectively—companies are managing technology risks. This information is essential for regulators and law enforcement for defense and security purposes, and it is equally important for C-Suites, BoDs and investors to have more visibility into how this macro business risk is being managed.

Greater transparency on how well or poorly technology risks are managed will do more than just tick boxes at the board level. It will help company leadership, stockholders and bondholders avoid significant market losses. While national security actors are understandably focused on crime, security and systemic threats posed by cyber, investors and financial regulators need to be equally focused on this issue as a financial risk. The rapid digitalization of companies and the economy means that, for companies across nearly every sector, the most valuable asset is digital technology.

A standard set of disclosures that companies are required to provide is consistent with what is already required for all other macro business risks. It is also a necessary first step towards giving investors better visibility into companies’ risk management practices and ability to avoid potential downside financial impacts stemming from poor cyber governance.
