NASDAQ: Key Learnings from Early Disclosures
“Another survey conducted by cybersecurity consulting firm Halock Security Labs published in September 2024 reviewed thousands of 10-Ks filed since December 2023 and found that only 24 of the forms listed risk assessment methods. The report claims that “public companies appear to be overstating their cybersecurity governance capabilities in their 10-Ks…companies do not yet know how to define what cybersecurity risk management is, how they determine what cyber risks and incidents would be qualitatively and quantitatively material, or how they discern strategy from governance.”
