Bryan Marlatt, chief regional officer at cybersecurity consulting agency CyXcel, said that while regulators require notification of a company’s cybersecurity program and active incidents, boards are sometimes more concerned about reputation management.
“They [CISOs] are more and more directed by the group’s senior management to keep quiet or to misclassify an incident to keep it under the radar of regulatory bodies, shareholders, and others,” Marlatt told CSO.
Marlatt added: “As a former CISO, I had this happen to me. Following a directive to misrepresent the group’s dangers to the Audit Committee and embellish the cybersecurity program’s capabilities on the SEC Form 10-K, I opted to depart the group.”