« CISAがセキュアな産業用制御システムに対する戦略を公表していますね。。。 | Main | NISTIR 8286 (Draft) Integrating Cybersecurity and Enterprise Risk Management (ERM) (2nd Draft) »


US-GAOの報告書 サイバーセキュリティに関する10-Kの開示は一般的な内容が多くあまり参考にならないので追加の開示を希望している by 年金基金代表者



例えば、Full Reportの12ページには次のような記述があります。

Narrative disclosures.

Most investors noted gaps in narrative disclosures that limited their ability to understand companies’ strategies for considering ESG risks and opportunities. For example, some investors noted that some narrative disclosures contained generic language, were not specific to how the company addressed ESG issues, or were not focused on material information. For example, two private asset managers said that companies may provide boilerplate narratives or insufficient context for their quantitative disclosures, and representatives from one pension fund said that the fund would like additional disclosures on cybersecurity but has found that most disclosures on this topic are generic and not very helpful.

・2020.07.06 PUBLIC COMPANIES:Disclosure of Environmental, Social, and Governance Factors and Options to Enhance Them

  • Highlights Page [PDF]
  • Full Report [PDF]
  • Accessible Version [PDF]





U.S. Securties and  Exchange Commission (SEC)

・2018.02.26 SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 229 and 249 [Release Nos. 33-10459; 34-82746] Commission Statement and Guidance on Public Company Cybersecurity Disclosures AGENCY


サイバーインシデントに関する事項は、株主か知っておくべき事項としてForm 8-Kの開示対象となりうりますよね・・・

EDGERのCybersecurity+"8-K"の2015.07.11-2020.07.11の検索結果 (Cybersecurity担当の取締役等の変更等も開示対象となっているので、必ずしもインシデントのみではないですが・・・)



Spotlight on Cybersecurity, the SEC and You




Why GAO Did This Study

Investors are increasingly asking public companies to disclose information on ESG factors to help them understand risks to the company’s financial performance or other issues, such as the impact of the company’s business on communities. The Securities and Exchange Commission requires public companies to disclose material information—which can include material ESG information—in their annual 10-K filings and other periodic filings.

GAO was asked to review issues related to public companies’ disclosures of ESG information. This report examines, among other things,

(1) why investors seek ESG disclosures, (2) public companies’ disclosures of ESG factors, and (3) the advantages and disadvantages of ESG disclosure policy options.

GAO analyzed 32 large and mid-sized public companies’ disclosures on 33 selected ESG topics. Among other criteria, GAO selected companies within eight industries that represented a range of sectors in the U.S. economy and selected ESG factors that were frequently cited as important to investors by market observers. GAO also reviewed reports and studies on ESG policy proposals and interviewed large and mid-sized institutional investors (seven private-sector asset management firms and seven public pension funds), 18 public companies, market observers (such as ESG standard-setting organizations, academics, and other groups), and international government, stock exchange, and industry association representatives.


What GAO Found

Most institutional investors GAO interviewed (12 of 14) said they seek information on environmental, social, and governance (ESG) issues to better understand risks that could affect company financial performance over time. These investors added that they use ESG disclosures to monitor companies’ management of ESG risks, inform their vote at shareholder meetings, or make stock purchasing decisions. Most of these institutional investors noted that they seek additional ESG disclosures to address gaps and inconsistencies in companies’ disclosures that limit their usefulness.

GAO’s review of annual reports, 10-K filings, proxy statements, and voluntary sustainability reports for 32 companies identified disclosures across many ESG topics but also found examples of limitations noted by investors. Twenty-three of 32 companies disclosed on more than half of the 33 topics GAO reviewed, with board accountability and workforce diversity among the most reported topics and human rights the least. Disclosure on an ESG topic may depend on its relevance to a company’s business. As shown in the figure, most companies provided information related to ESG risks or opportunities that was specific to the company, though some did not include this type of company-specific information.

Additionally, differences in methods and measures companies used to disclose quantitative information may make it difficult to compare across companies. For example, companies differed in their reporting of carbon dioxide emissions.

Policy options to improve the quality and usefulness of ESG disclosures range from legislative or regulatory action requiring or encouraging disclosures, to private-sector approaches, such as using industry-developed frameworks. These options pose important trade-offs. For example, while new regulatory requirements could improve comparability across companies, voluntary approaches can provide flexibility to companies and limit potential costs.




« CISAがセキュアな産業用制御システムに対する戦略を公表していますね。。。 | Main | NISTIR 8286 (Draft) Integrating Cybersecurity and Enterprise Risk Management (ERM) (2nd Draft) »


Post a comment

(Not displayed with comment.)

Comments are moderated, and will not appear on this weblog until the author has approved them.

« CISAがセキュアな産業用制御システムに対する戦略を公表していますね。。。 | Main | NISTIR 8286 (Draft) Integrating Cybersecurity and Enterprise Risk Management (ERM) (2nd Draft) »