US New CyberSecurity Rules - Action Check List for Chairs and CEOs by Yusuf Azizullah
Summary of the SEC's new rules on cybersecurity risk management, strategy, and incident disclosure for executives and boards of directors:
Things that executives and board members should do to comply with the new rules:
Appoint a chief information security officer (CISO) and ensure that the CISO has the necessary authority and resources to manage cybersecurity risks.
Develop and implement a comprehensive cybersecurity risk management program that includes policies, procedures, and controls to mitigate cybersecurity risks.
Conduct regular risk assessments to identify and prioritize cybersecurity risks.
Implement appropriate measures to mitigate identified risks.
Test and monitor the effectiveness of the cybersecurity risk management program on an ongoing basis.
Disclose material cybersecurity incidents promptly to investors.
By taking these steps, executives and board members can help ensure that their companies are appropriately protecting themselves from cybersecurity risks.