With the SEC's proposed rules for enhanced cybersecurity risk management oversight in their 60-day comment period until May 9, 2022, we thought it might be helpful to review how S&P 500 companies handle and disclose their handling of cybersecurity risk.

As our benchmarking report shows:

• 95% of S&P 500 companies disclose how their boards manage cyber risk.
• 66% of these companies task their Audit Committee with this responsibility.

Given their potential to be an existential threat to normal business operations, corporate cyber attacks, which by some estimates have increased by 50% since last year, are a key focus of the Biden Administration's multi-pronged approach to cybersecurity. How companies disclose the material impacts of ransomware and security breaches in their 8-K reporting, identifying who at the board and management levels has responsibility for cyber risk management, and how much cyber expertise exists on the board are all part of the proposed rules and covered in our report, which draws from our CompanyIQ^® corporate governance database.

For more information, see our report.