As New SEC Rules Go Into Effect, Cybersecurity Moves to Top of Agenda for Risk Leaders & Boards

In both long-running surveys, cybersecurity has long been a leading concern, but with 2024 being the first full year for the SEC’s new rules requiring publicly traded companies to make timely disclosures of “material” cybersecurity incidents, infosec is clearly (or should be) top of mind for all corporate leaders.

Notably, the board director report found that while boards have long agreed that cybersecurity is an oversight challenge for them, they tended to rate preparedness for the SEC’s new rules as lackluster, giving themselves a 6.75/10 and management a 7.28/10. While no cases have as yet been brought against organizations for failing to comply with these new rules, recent SEC enforcement actions, including charges the agency filed against SolarWinds’ chief information security officer, suggest consequences will be serious. The report attributes board members’ trepidation when it comes to cybersecurity preparedness to the complexity of the SEC’s new rules, including lack of clarity regarding materiality in cyber incidents.

In Allianz Commercial’s annual survey of risk leaders, 36% of respondents said cybersecurity was one of their top three risks, followed by business interruption (31%) and natural catastrophes (26%). Informed by responses from more than 3,000 risk management experts in 92 countries, the report includes insights from CEOs, risk managers, brokers and insurance experts.

Political risks and violence were the among biggest movers of the year in the Allianz research, climbing two positions, while macroeconomic factors seem less likely to pose a risk in 2024, as just 19% of risk leaders cited them as one of their biggest worries. However, board members may feel the damage has been done, with directors listing high interest rates (83%), inflation (87%) and labor (76%) as external factors that negatively affected their companies’ performance in 2023, according to the director report.