David R. Fontaine is Chief Executive Officer of Corporate Risk Holdings LLC and CEO of Kroll, Inc., and John Reed Stark is president of John Reed Stark Consulting LLC. This post is based on an article authored by Mr. Fontaine and Mr. Stark.
The U.S. Securities and Exchange Commission’s (“SEC”) recently issued guidance for public companies on cybersecurity-related disclosures has garnered a great deal of attention for what it says about the threat and risk that cybersecurity presents for public companies—large and small (the “2018 Guidance”). With cyber-incidents capturing headlines around the world with increasing frequency, businesses and regulators have come to recognize that cyber-incidents are not a passing trend, but rather in our digitally connected economy, an embedded risk that is here to stay. Indeed, these cybersecurity risks represent a mounting threat to businesses—risks that can never be completely eliminated.