Having been CEO of a public company and now as CEO of a global enterprise software company which provides cyber security and compliance solutions to many public companies, I can attest to the growing complexities and pressures of supply (threats and risk to operations) and demand (regulatory requirements) that must be managed on a daily basis. In his April 9 letter to the SEC Chair, Senate Commerce Chairman Jay Rockefeller (D-W.Va.) urged the SEC to step-up the requirements on its guidance (issued in October 2011) for companies to disclose information about their ability to defend against attacks on their networks. “Investors deserve to know whether companies are effectively addressing their cyber security risks — just as investors should know whether companies are managing their financial and operational risks,” the letter said. From this experience I’ve learned that corporate risk is idiosyncratic and varies from company to company, but the SEC looks at it all the same.