Just how, exactly, are you going to describe your company’s cybersecurity strategy, governance, and risk management program in your 10-K? You need to know what governance is, right? And how that’s different from strategy? And how cybersecurity risk management is … something that executives’ roles and … board director sign-off … and reasonable investors too … right? Oh, and materiality, too. Got it.
For most companies, 10-Ks will be hard to fill out because U.S. companies generally don’t run cybersecurity through governance, strategy, or risk management programs. At least not in a way that could withstand review by inquiring analysts or investors.
Most public companies do, however, provide demonstrable (and prudent) disclosures. So how will your 10-K cybersecurity disclosures be both accurate and not scare away reasonable investors?
In this presentation, Chris Cronin will help you understand what cybersecurity strategy, governance, and risk management are, and will show you how to use an emerging definition for reasonable cybersecurity controls to help you define materiality. Plus, learn how you can efficiently and effectively manage your risk program with Reasonable Risk, the only GRC SaaS tool based on Duty of Care Risk Analysis (DoCRA).
Your first 10-K will likely be a light touch among many pretty weird 10-Ks that other companies will file. But your 2024 preparation for your second filing can put you ahead of your competitors.