During congressional hearings earlier this month, senators grilled Richard Smith, the former Equifax CEO, on the company’s reporting structure for cybersecurity; specifically, on the appropriateness of Equifax’s CISO reporting to the general counsel.  Davis Polk has published a blog post on the reporting structure for CISOs and factors companies should consider when structuring cyber incident reporting. The full blog post is available at our Cyber Breach Center, here.

To subscribe to our cybersecurity blog, click here.