FRC report calls for improved digital security risk disclosure

The Financial Reporting Council (FRC) Lab on Wednesday issued Digital Security Risk Disclosure, a report designed to help UK companies effectively disclose information on digital security strategies, risks, and governance sought by investors.

The FRC, which sets UK corporate governance and stewardship codes, said in a news release that its research revealed that "disclosures are not meeting investor needs effectively and companies need to improve to address this". And it's not just about what investors want: The 31-page report stated that the UK government recently identified digital security as "a key business resilience issue" that must be addressed as a part of new reporting requirements on the horizon.

"Every company is now digital, so providing useful, relevant, and focused disclosure on digital security is critical," Mark Babington, executive director of regulatory standards at the FRC, said in the release. "Investors need transparency in this area, and this report provides a key resource for companies looking to achieve this."

The report offers guidance and real-world examples for reporting teams and risk teams involved in reporting and audit committees. The FRC recommended the need for more useful disclosures in four areas:

• Strategy. Establish the importance of digital security and strategy to an organisation's current and future business model, strategy, and environment.
• Governance. Detail the organisation's established governance structures, culture, and processes to support digital security and strategy.
• Risk. Identify current and future risks and opportunities related to digital security and strategy that the organisation is facing.
• Events. Highlight the impact of internal and external events and the organisation's responses.

— To comment on this article or to suggest an idea for another article, contact Bryan Strickland at Bryan.Strickland@aicpa-cima.com.