Skip to main content

SEC Commissioner Aguilar Speaks on Cybersecurity Issues for the Boardroom

Earlier this week SEC Commissioner Luis A. Aguilar gave a speech at the New York Stock Exchange on "Boards of Directors, Corporate Governance and Cyber-Risks," in which he strongly urged directors to focus on the need for increased oversight of cyber-risks:

Given the significant cyber-attacks that are occurring with disturbing frequency, and the mounting evidence that companies of all shapes and sizes are increasingly under a constant threat of potentially disastrous cyber-attacks, ensuring the adequacy of a company's cybersecurity measures needs to be a critical part of a board of directors' risk oversight responsibilities.

Commissioner Aguilar recommended that directors take the following four steps:

  1. Use the Framework for Improving Critical Infrastructure Cybersecurity released by the National Institute of Standards and Technology as a guide;
  2. Consider cyber-risk education for directors, recruiting a director who knows information technology, or creating an enterprise risk committee to focus attention on cyber-risks;
  3. Make sure the company has appropriate personnel to manage cyber-risks; and
  4. Prepare a plan for responding to cybersecurity breaches.

For further discussion and analysis of Commissioner Aguilar's speech, please check out this posting by our colleague Adam Veness on Mintz Levin's Privacy & Security Matters blog, which also has an excellent Cyber-Risks Boardroom Series.  You can also find information about the SEC's cybersecurity initiatives here.

Subscribe To Viewpoints


Chip Phinney