Home

On July 26, the U.S. Securities and Exchange Commission (SEC) formally approved and adopted new cybersecurity disclosure rules for public companies. First proposed on March 9, 2022, and then closed and reopened several times for comment periods through May 2023, the highly anticipated new rules require registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance. Foreign private issuers are also required to make comparable disclosures. 

In today's rapidly evolving business landscape of emerging technologies and capabilities, geopolitical instability and unforeseen global events, organizations are facing unprecedented challenges. Traditional notions of enterprise risk management and contingency planning are proving to be challenging in a new era where disruptions can strike from multiple fronts simultaneously. As a result, enterprise resiliency has emerged as a critical priority for organizations aiming to thrive in the face of adversity and uncertainty.

In the absence of legal guidelines, companies need to establish internal processes for responsible use of AI.

A wise uncle once said to his nephew in a movie, “with great power comes great responsibility.” This adage has never been more true as it pertains to the emergence and popularity of AI. However, organizations are starting to reflect on and question who ultimately bears this responsibility from an enterprise risk management perspective.

The sudden collapse of Silicon Valley Bank (SVB) once again highlights the importance of effective risk management.