The SEC to CISOs: Welcome to the Big Leagues

By: Brian Walker, The CAP Group – We will look back on October 30, 2023 as the day the world changed. On that date, the CISO role was anointed as being a material senior executive in the eyes of the SEC. This is a result of the SEC’s first-ever charging of a company and its […]

SEC Cyber Incident Reporting: Practice The Way You Play

By: Paul Lehman, Brian Walker – “Practice the way you play” is an oft-repeated coaching line that’s finding fresh meaning today as companies prepare to report material cyber incidents to the SEC. The SEC’s new rulemaking that was announced in July 2023 is aimed at significantly increasing the transparency into how companies manage cyber […]

SEC Cyber Disclosures: Defining Risk Tolerance & Incident Materiality

By: Sue Bergamo and Brian Walker — The new SEC cybersecurity disclosure rules require public companies to publicly disclose material cybersecurity incidents. Each material incident is to be disclosed using an SEC Form 8-K and will be part of a broader recurring disclosure requirement using Form 10-K filings that disclose the oversight and governance processes associated with […]

SEC Cyber Disclosure Rules May Require Significant Changes to Governance and Management

By: Rod Hackman and Brian Walker — Companies are beginning to digest the recently published SEC rules for cybersecurity disclosure related to incident reporting, risk management and governance processes. The scope of “materiality” is expanded beyond objective determinations to include subjective and qualitative impacts such as reputational harm, impact on customer and vendor relationships, competitiveness, […]

SEC Cyber Disclosures: Adoption Framework

On July 26, 2023, the SEC issued its final rules for disclosing key information regarding cyber risk. The final rule addresses concerns over investor access to timely and consistent information related to cybersecurity risk – and comes at the end of 18 months of debate and discussion. While many wanted different outcomes in key areas, […]

CISOs as Board Directors

SEC Sparks Demand for Cyber-Savvy Board Directors: New SEC rule changes are expected to require public companies to formally disclose the cybersecurity expertise of board members, as well as the board’s governance practices in overseeing the cybersecurity risk for the company. The added transparency resulting from the new SEC rules will provide shareholders with a […]

New Research: CISOs as Board Directors

Boston, MA – June 6, 2023 – The CAP Group, Artico Search, and IANS Research released their CISO as Board Directors – CISO Board Readiness Analysis, a collaborative research study that evaluates the qualifications of Chief Information Security Officers (CISOs) across the Russell 1000 Index (R1000 [top 1000 US public companies by market capitalization]) against […]

Swimming Naked

The SEC’s new rules for cyber transparency are expected in the next several weeks, and as Warren Buffett said, “Only when the tide goes out do you discover who’s been swimming naked.” In our latest Forbes Technology Council article, we outline some of the ways boards are preparing for ensuring that directors have the appropriate […]

Brian Walker accepted into Forbes Technology Council – The CAP Group CEO and Founder

Brian Walker, CEO of The CAP Group, a cybersecurity advisory firm serving boards of directors, has been accepted into Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs, and technology executives. DALLAS (PRWEB) March 02, 2023 — Brian Walker, CEO of The CAP Group, a cybersecurity advisory firm serving boards of directors, has been […]

90% of Boards Not Ready For SEC Cyber Requirements

Boards are under increasing pressure to provide sound oversight of cybersecurity risk, but often lack the expertise required to be effective. Using publicly available data from sources including the Wall Street Journal, EY, Spencer Stuart, and ISS Corporate Solutions, board advisors at the CAP Group recently released a comprehensive analysis of board-level expertise that shows […]

New SEC Cybersecurity Rules: Being Ready In The Face Of New Expectations

With new cybersecurity legislation being proposed by the U.S. Securities & Exchange Commission (SEC) on Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure, boards will have more reason to be cyber-savvy. Those in the C Suite will need to implement policies and procedures related to cybersecurity. And those on the board will need to identify […]

NYDFS Impacts the 3 R’s of Cybersecurity

The New York State Department of Financial Services (NYDFS) has amended cybersecurity requirements for financial services companies to help these companies shore up defenses against cyberattacks. These proposed amendments put additional responsibility on board members and senior executives in the world of risk management. This will lead to internal discussions around the 3 R’s: risk, […]

CISA Issues Request for Information In Advance of CIRCIA Rulemaking

The Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) on September 12, 2022 seeking input on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) that was signed by President Biden in March. CIRCIA requires CISA to implement regulations requiring covered entities to report information about covered cyber incidents […]

CISA adopts whole-of-nation strategy

Since CISA’s launch in 2018, it has matured rapidly from a largely advisory role to a more active champion of defending federal infrastructure in the cyber space. With the release of its comprehensive strategic plan, CISA has taken a whole-of-nation strategic posture. By: Brian Walker