Why is the reporting of non-financial information and the management of non-financial risk becoming so important to investors?
John Gomez, CEO of Sensato Cybersecurity Solutions, presented, “Cybersecurity Risks: Myths, Fallacies and Facts”... Executives must understand the risks and support the efforts with needed resources
If I were a betting man – and sometimes I am – the data released by The Hartford Midsize Business Monitor about the role of technology in midsize companies points towards a growing risk that is not just the exclusive pain of the ‘big guys.’ Eighty-two percent of midsize companies consider data breaches at least as a minor risk to their companies, with 32% seeing it as a major risk
Securities and Exchange Commission (SEC) is "on the lookout for violations such as poor risk controls or lax disclosures relating to hacking and other cyber breaches."
With President Obama weighing in with his thoughts on 2/13/15 at the White House Summit on Cybersecurity and Consumer Protection (http://1.usa.gov/175mSWw), it is time for board-level conversations related to fraud risks threatening our organizations, if these conversations were not yet occurring. An integrated risk assessment process inclusive of fraud risk (COSO Principle 8) that occurs at both the entity and business process levels is needed at all of our organizations to leverage compliance for business excellence
Kaplan and Chris Rezek make a case for the need to shift perspective on how the company views cyber risks. And how to mitigate them. Companies relying on internal controls to protect them from cyber risks are looking at it as an IT challenge, and they’re missing the point
This is an inaugural report from AT&T – they did it to “enforce an action plan to ensure there’s a consistent risk assessment process in place, better understand what data is leaving your company and why you might be a target for an attack, ensure clear understanding of which board committee is responsible for security, and determine if your security team has necessary resources to protect against a breach.” With the downside risks including loss of reputation and brand equity in addition to the information itself – in my mind, HUGE risks to your future viability as a profitable, successful organization – it is mindboggling to me to also read that 75% of organizations do NOT involve their boards in oversight of cybersecurity as a material risk to the entity
Together with the European Supervisory Agencies, the European Central Bank and the FSB, the European Commission will continue monitoring the developments in this subject area. Considering the risks associated with the digital assets transactions and the appropriateness of the regulatory framework, the European Commission will assess, by the fourth quarter of 2018, to what extent a regulatory action on an EU level is necessary. In this context, last month the European Supervisory Agencies – EBA, ESMA and EIOPA – issued a coordinated warning to the consumers about the high risk of investment in virtual currencies associated with uncertainty in the regulation and their extreme volatility.[3] This notification followed the alerts issued in November 2017 by ESMA to investors concerning the high risk of investing in ICOs and on the rules applicable to firms involved in ICOs.[4] Additional aspects to consider when analysing digital assets include the impact of the General Data Protection Regulation (GDPR) entering into force in May 2018,[5] the eIDAS Regulation[6] and the recent proposal to extend the scope of the Anti-Money Laundering Directive to virtual currency exchanges and wallet providers.[7] Finally, a further step forward in the regulation of digital assets and ICOs was taken outside the EU with the publication of the ICO Guidelines by FINMA (the Swiss Financial Market Supervisory Authority) on February 16, 2018. The document complements the FINMA Guidance 04/2017 and provides further information and clarification on how the authority aims to employ the financial markets legislation by dealing with ICO organisers.[8]
Footnotes
[1] FinTech Action Plan: For a more competitive and innovative European financial sector
[2] Proposal for a Regulation of the European Parliament and of the Council on European Crowdfunding Service Providers (ECSP) for Business
[3] ESMA, EBA and EIOPA warn consumers on the risks of Virtual Currencies
[4] ESMA Highlights ICO Risks for Investors and Firms
[5] Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
[6] Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
[7] Directive (EU) No. 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing
[8] FINMA publishes ICO guidelines
Information about the use of XBRL for better access to financial and non-financial data for global investors: The European Financial Transparency Gateway is a proof of concept index for financial reporting being developed by the European Commission’s DG FISMA
At the summit -- Carney again called for improved disclosure of climate risks from listed firms to help ensure investors can respond appropriately to this growing international crisis
BlackRock, the world’s largest asset manager, recently sent “open letters” to 120 companies in the energy, transportation and industrial sectors urging improved disclosure of “’material climate risk inherent in their business operations’” in accordance with the recommendations of the Financial Stability Board’s Task Force on Climate-related Financial Disclosures (TCFD)
With cyber security breaches in the daily headlines, governing your data assets is now a material risk factor. According to an InformationWeek story in February 2014, almost half (44%) of companies do not have data governance plans in place, and 22% of those without one have no plans to implement one