The case of Wells Fargo, as discussed in Figure 2.1, makes it clear that boards have clear responsibility for gaps in risk management. Every regulated trading environment now operates under clear regulations for governance – in the United States, it is SEC rule 33-9089. Robust risk management programs are critical to avoid financial and reputational damage.
As shown in the timeline that follows, legislators try to get out ahead of the risks. Further, as new risks are identified we can expect that the more impactful an event, the more rigorous the legislative response will be.
For example:
Stringent Payment Card Industry (PCI) standards followed reported incidents with Heartland in 2009 and Sony PlayStation in 2011.
In the wake of Facebook's mishandling of user information in 2018, US states are passing new regulations to address both privacy and consumer trust.
Bills before the US Congress in 2018 include the Cybersecurity Disclosure Act, which requires boards to either have the requisite skills or to identify their strategy for obtaining the advice and support that they need.
The timeline shown in Figure 2.2 aligns events since 2002 with the regulatory developments.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
