Boards can no longer afford to pass the buck when it comes to cyber-security and would do well to adhere to voluntary government guidelines that could be a portent of eventual mandatory requirements. That was the warning from Luis Aguilar, a member of the Securities and Exchange Commission, during a speech this week at the Cyber Risks and the Boardroom conference at the New York Stock Exchange.
“Although primary responsibility for risk management has historically belonged to management, the boards are responsible for overseeing that the corporation has established appropriate risk management programs and for overseeing how management implements those programs,” he said. “There can be little doubt that cyber-risk also must be considered as part of board’s overall risk oversight.”

