This is a great white paper on ESG type reporting for cyber resilience. The trick, however, will be to balance transparency with vulnerability exposure.
We believe that, despite the potential challenges and downsides, some form of external cyber resilience reporting (akin to ESG reporting) will inevitably be required of certain companies in the not too distant future. The trick will be in finding the right balance and formula to protect the disclosing company from exposing vulnerabilities to adverse actors.