« CISAがセキュアな産業用制御システムに対する戦略を公表していますね。。。 | Main | NISTIR 8286 (Draft) Integrating Cybersecurity and Enterprise Risk Management (ERM) (2nd Draft) »

2020.07.11

US-GAOの報告書 サイバーセキュリティに関する10-Kの開示は一般的な内容が多くあまり参考にならないので追加の開示を希望している by 年金基金代表者

こんにちは、丸山満彦です。

US-GAOが環境、社会、ガバナンスの要素の開示とそれらを強化するためにとりうることについての報告書を出していまして、そこにサイバーセキュリティに関する内容も少し触れられていますね。

例えば、Full Reportの12ページには次のような記述があります。

Narrative disclosures.

Most investors noted gaps in narrative disclosures that limited their ability to understand companies’ strategies for considering ESG risks and opportunities. For example, some investors noted that some narrative disclosures contained generic language, were not specific to how the company addressed ESG issues, or were not focused on material information. For example, two private asset managers said that companies may provide boilerplate narratives or insufficient context for their quantitative disclosures, and representatives from one pension fund said that the fund would like additional disclosures on cybersecurity but has found that most disclosures on this topic are generic and not very helpful.

● GAO
・2020.07.06 PUBLIC COMPANIES:Disclosure of Environmental, Social, and Governance Factors and Options to Enhance Them

  • Highlights Page [PDF]
  • Full Report [PDF]
  • Accessible Version [PDF]

 

 

-----

サイバーリスクとインシデントに関する開示の話が触れられていますが、一般論的ですかね。。。

U.S. Securties and  Exchange Commission (SEC)


・2018.02.26 SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 229 and 249 [Release Nos. 33-10459; 34-82746] Commission Statement and Guidance on Public Company Cybersecurity Disclosures AGENCY

[html]を作ってみました。。。

サイバーインシデントに関する事項は、株主か知っておくべき事項としてForm 8-Kの開示対象となりうりますよね・・・

EDGERのCybersecurity+"8-K"の2015.07.11-2020.07.11の検索結果 (Cybersecurity担当の取締役等の変更等も開示対象となっているので、必ずしもインシデントのみではないですが・・・)

投資家等向けのCybersecurityページ

https://www.sec.gov/spotlight

Spotlight on Cybersecurity, the SEC and You

 

開示に対する考え方は参考になるかもですね。。。

-----

Why GAO Did This Study

Investors are increasingly asking public companies to disclose information on ESG factors to help them understand risks to the company’s financial performance or other issues, such as the impact of the company’s business on communities. The Securities and Exchange Commission requires public companies to disclose material information—which can include material ESG information—in their annual 10-K filings and other periodic filings.

GAO was asked to review issues related to public companies’ disclosures of ESG information. This report examines, among other things,

(1) why investors seek ESG disclosures, (2) public companies’ disclosures of ESG factors, and (3) the advantages and disadvantages of ESG disclosure policy options.

GAO analyzed 32 large and mid-sized public companies’ disclosures on 33 selected ESG topics. Among other criteria, GAO selected companies within eight industries that represented a range of sectors in the U.S. economy and selected ESG factors that were frequently cited as important to investors by market observers. GAO also reviewed reports and studies on ESG policy proposals and interviewed large and mid-sized institutional investors (seven private-sector asset management firms and seven public pension funds), 18 public companies, market observers (such as ESG standard-setting organizations, academics, and other groups), and international government, stock exchange, and industry association representatives.

 

What GAO Found

Most institutional investors GAO interviewed (12 of 14) said they seek information on environmental, social, and governance (ESG) issues to better understand risks that could affect company financial performance over time. These investors added that they use ESG disclosures to monitor companies’ management of ESG risks, inform their vote at shareholder meetings, or make stock purchasing decisions. Most of these institutional investors noted that they seek additional ESG disclosures to address gaps and inconsistencies in companies’ disclosures that limit their usefulness.

GAO’s review of annual reports, 10-K filings, proxy statements, and voluntary sustainability reports for 32 companies identified disclosures across many ESG topics but also found examples of limitations noted by investors. Twenty-three of 32 companies disclosed on more than half of the 33 topics GAO reviewed, with board accountability and workforce diversity among the most reported topics and human rights the least. Disclosure on an ESG topic may depend on its relevance to a company’s business. As shown in the figure, most companies provided information related to ESG risks or opportunities that was specific to the company, though some did not include this type of company-specific information.

Additionally, differences in methods and measures companies used to disclose quantitative information may make it difficult to compare across companies. For example, companies differed in their reporting of carbon dioxide emissions.

Policy options to improve the quality and usefulness of ESG disclosures range from legislative or regulatory action requiring or encouraging disclosures, to private-sector approaches, such as using industry-developed frameworks. These options pose important trade-offs. For example, while new regulatory requirements could improve comparability across companies, voluntary approaches can provide flexibility to companies and limit potential costs.

-----

 

|

« CISAがセキュアな産業用制御システムに対する戦略を公表していますね。。。 | Main | NISTIR 8286 (Draft) Integrating Cybersecurity and Enterprise Risk Management (ERM) (2nd Draft) »

Comments

Post a comment



(Not displayed with comment.)




« CISAがセキュアな産業用制御システムに対する戦略を公表していますね。。。 | Main | NISTIR 8286 (Draft) Integrating Cybersecurity and Enterprise Risk Management (ERM) (2nd Draft) »