top of page
Search

Materiality Matters

  • ICIT Fellow
  • May 2, 2023
  • 1 min read

Updated: May 9, 2023

The plain truth is that – many CISOs don't understand materiality. In addition, many organizations have chosen to use a risk lens that downplays the actual risk of an incident, as well as the future cybersecurity-related risks to their shareholders, their customers, and to society.In this essay by ICIT Fellow Malcolm Harkins, readers will learn about what cyber materiality is, how to explain cyber materiality to the Board and investors, and the ethical obligations that CISOs face when materiality is impacted by cyber events.

This paper introduces the concept of cyber risk materiality and how it should be presented to Boards of Directors and in financial disclosure documents. The essay also provides a method for tracking and visualizing cyber risk materiality.



The Institute for Critical Infrastructure Technology is a non-partisan 501(c)3 not-for-profit organization. 

EIN #47-5294309

Follow Us

  • LinkedIn
  • Youtube

Contact Us

Important Links

 Support

+  Privacy Policy

Get the latest news & expert opinions delivered straight to your inbox

Keeping People at the Center of Critical Infrastructure

© 2026 by The Institute for Critical Infrastructure Technology (ICIT)

bottom of page