Cybersecurity trends in SEC filings

In 2023, the SEC required public companies to disclose cybersecurity risk management in their annual filings, prompting an analysis of the top 200 S&P companies' cybersecurity leadership structures. The analysis found that Chief Information Security Officers (CISOs) lead cybersecurity at over 70% of companies with an average of 23 years of experience, most commonly reporting to the Chief Information Officer, while the Audit Committee oversees cybersecurity at about 60% of companies, and the NIST Cybersecurity Framework (a set of best practices for managing cyber risks) is the most referenced security standard.