New Code of Good Governance in Cybersecurity

The CNMV published the “Code of Good Governance in Cybersecurity,“ which was prepared by the National Cybersecurity Forum. This code was developed by a group of experts who analyzed existing regulations and standards to improve corporate governance in the field of cybersecurity.
The Code aims to provide organizations with practices to support a model of good governance of cybersecurity and facilitate its management in networks and information systems. It also intends to enhance decision-making processes within organizations, particularly by their management bodies.
The Code consists of thirteen principles organized into three categories: Strategy and Organization, Management, and Supervision. It offers recommendations that can be used by any organization seeking to achieve adequate cybersecurity governance. It is not intended to be a new set of controls to be implemented but rather a tool to assess an organization’s maturity in achieving cybersecurity objectives.
While the Code is not a CNMV document and not a recommendation for listed companies, the CNMV publicizes it to increase awareness among listed companies and other supervised entities due to the growing risk of cyber-attacks.