Ms. Mehraban’s statements do little to lessen the concerns of directors and other “gatekeepers” over the SEC’s recent emphasis on bringing enforcement actions against individuals. Enforcement decisions still depend on whether the staff believes gatekeepers have behaved “unreasonably” or failed to be sufficiently proactive in the face of red flags. This is particularly alarming in the context of cybersecurity, which continues to escalate in volume and complexity at a pace that the average company struggles to stay on top of.
via Mixed Enforcement Messages (and What’s in a Name?) | PCGC