SEC 10-K Cybersecurity Trends and Governance 2025
📝 This article analyzes the new SEC 10-K cybersecurity disclosure section (1.C) across the top 200 S&P companies, summarizing governance, reporting lines, standards, and trends between 2024 and 2025. It highlights that the CISO remains the principal cybersecurity role, with the CIO commonly as the reporting executive and audit committees most frequently overseeing cyber risk. The piece also reviews common practices such as TPRM, proactive testing, human-centric training, AI risks, and the author’s AI-assisted data collection and analysis methods.
