FRC publishes its recommendations to improve digital security disclosure

  • FRC Image
  • Financial Reporting Lab Image

04 Aug 2022

The Financial Reporting Council Lab (FRC Lab) has published a report on digital security risk disclosure to help companies improve the disclosure of digital security strategies, risks and governance.

The report highlights a number of factors that are driving a greater focus on digital security risk and indicates that there is a need for better disclosures to meet the needs of investors. 

The FRC Lab found that whilst a 'significant proportion' of FTSE 350 companies reported at least one digital-related principal risk, disclosures are often 'boilerplate' and 'static'.  It highlights that corporate reporting teams and audit committees that want to enhance disclosures and better meet the needs of investors should focus on aspects of strategy, governance, risk and events, considering disclosures that:

  • explain how digital security and strategy are important to the company's current and future business model, strategy and environment;
  • detail the governance structures, culture and processes the company has in place to support digital security and strategy;
  • identify digital security and strategy risks and opportunities the company is facing both now and in the future; and
  • highlight the impact of internal and external events and the actions and activities that respond to these.

The report explores investor needs (i.e. those investors that were part of the project) across strategy, governance, risk and events, provides considerations for boards and audit committees and provides disclosure recommendations.  It is supported by a separate detailed example bank providing practical examples of current better practice to help companies improve their disclosures.  

The press release and the reports are available on the FRC website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.