Corporate governance body urges more flexibility in SEC cyber rulemaking, questions mandates on boards

The Society for Corporate Governance is asking the SEC to redefine “reportable cyber incidents” in a proposed cybersecurity rule and provide greater flexibility in aspects of the regulation intended to ensure proper cyber oversight by corporate boards and management.

The Securities and Exchange Commission’s proposed definition of an incident and four-day reporting requirement have raised concerns among a diverse cast of major industry groups, but the corporate governance organization also offers a first-hand view on the SEC’s effort to prod...