Bryan Marlatt, chief regional officer at cybersecurity consulting agency CyXcel, stated that whereas regulators require notifications of a company’s cybersecurity program and energetic incidents, boards are sometimes extra involved about fame administration.
“They [CISOs] are more and more directed by the group’s senior management to maintain quiet or to misclassify an incident to maintain it beneath the radar of regulatory our bodies, shareholders, and others,” Marlatt informed CSO.
Marlatt added: “As a former CISO, I had this occur to me. Following a directive to misrepresent the group’s dangers to the Audit Committee and embellish the cybersecurity program’s capabilities on the SEC Kind 10-Okay, I opted to depart the group.”
