Risk Frameworks and Security Control Standards in 10-K Cybersecurity disclosures between 2023-12-15 and 2024-06-30
Andrew Hoog Abstract Keywords: Cybersecurity disclosures, 10-K, Risk Frameworks, Security Control Standards. 1. Introduction The recent cybersecurity disclosure rules from the SEC not only provide investors with material information on how companies manage security risk but also valuable data that can be used to glean best practices in cybersecurity risk management or even gaps in cybersecurity strategy. Many practitioners conflate Risk Frameworks with Security Control Standards. This insight report will provide data on what risk frameworks and security control standards are mentioned and at what frequency.