SEC Rules Raise Questions About Security Role of Fund Boards

Nicole Crum was quoted in the article "SEC Rules Raise Questions About Security Role of Fund Boards," which was published by Fund Directions [sub. req.] on March 21, 2022.

Nicole comments on the impact of recently proposed SEC rules that could impose new cybersecurity disclosure requirements on public companies. "In the past, guidance from the SEC on the responsibilities of the board for cybersecurity has, at times, crossed the line between oversight and management," Crum says. "The assumption seemed to be that the board would know a lot about all the pieces involved in fully understanding the risk and knowing how the infrastructure was laid out and that they could [intervene] even more if that were needed."

On the possibility that fund boards may be required to designate a security expert to evaluate and approve cybersecurity risk assessment and preparation, Nicole says: "If members of the board are required to make an assessment of the amount of resources that are being committed to cyber, they may be able to do that. But it cannot be the case that boards of directors are expected to have the level of sophistication and technical expertise on cyber to establish their own perspective independent of information they’re provided on cyber resources and management."