Guest Post by Ed Perkins (first posted on CERM® RISK INSIGHTS – reposted here with permission)
In an earlier post [1] we looked at whether ‘plausible deniability’ was now a dead strategy in the face of enterprise risk management (ERM) and the likely impact of the US SEC (Securities and Exchange Commission) guidance [2] regarding disclosure obligations relating to operational and cybersecurity risks and cyber incidents. The SEC noted that “a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents.