Cybersecurity has become one of the most material risks facing public companies, yet board oversight structures remain uneven. Our CompanyIQ® analysis of S&P 500 companies that filed 2025 proxies shows both progress and persistent gaps. Key Findings: How CompanyIQ® Powers This Research This report leverages CompanyIQ®, MyLogIQ’s AI-powered research platform, which tracks governance documents, proxy…
This report analyzes cyber-related disclosure risks and opportunities based on a review of Securities and Exchange Commission (SEC) comment letters. The SEC’s latest cybersecurity rules issued July 2023 – Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies – generally go into effect for disclosures filed beginning the first quarter of 2024. This…
With the July 2023 adoption by the U.S. Securities and Exchange Commission (SEC) of enhanced disclosures of cybersecurity incidents and risk management, we reviewed the current reporting practices of financial sector companies to see where things stand and to help provide guidance to companies. The new rule, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure…
With the July 2023 adoption by the U.S. Securities and Exchange Commission (SEC) of enhanced disclosures of cybersecurity incidents and risk management, we updated our March 2023 review of current reporting practices to see where things stand and to help provide guidance to companies. The new rule, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure…
With the July 26, 2023 U.S. Securities and Exchange Commission (SEC) adoption of new rules to enhance disclosure of cybersecurity risk management, we took a look at current reporting practices to see where things stand and to help provide guidance on where companies need to go once the new rule becomes effective. The new rules,…
T-Mobile announced in a Form 8-K last month that it had suffered a cybersecurity breach that could present “significant,” yet probably not material, costs to the company. The disclosure included a swath of information — including details on the types of files accessed by bad actors, where hackers probably got into T-Mobile’s systems and a…
In recent years, search firms have been flooded by requests for director candidates with cybersecurity backgrounds as boards seek to leverage this expertise when responding to rising cyber risks. …Over the past five years, companies in both the Russell 3000 and S&P 500 have seen the number of directors boasting cybersecurity expertise climb by the…
The recent surge in cybersecurity and ransomware attacks has spurred many boards to ask management to take a second look at the cybersecurity protections that they have in place, specifically insurance coverage in the event of an attack with cascading impacts on partners and third parties. Recent estimates show that the global cyber insurance market…
The war between Russia and Ukraine has drawn some cybercriminals away from monetarily driven cyberattacks — such as the typical ransomware attack — and toward hacktivism. Despite that, the number of ransomware attacks is still expected to grow this year, according to a leading cybersecurity company. Directors shouldn’t take some hackers’ new focus as a…
Using our CompanyIQ® corporate governance database, we analyzed the DEF 14A proxy disclosures of S&P 500 companies to identify how they are managing cybersecurity risk. With the SEC’s proposed rules for enhanced cybersecurity management disclosures in the public comment period until May 9, 2022, the data in our report may help benchmark best practices.