According to the “Regulations Governing Information to be Published in Annual Reports of Public Companies”, public companies must disclose the cyber security management status of the last year in the annual report so that shareholders could understand what the security incidents occurred in the companies, and the cyber security management actually performance of the companies in the last year.In addition, according to Article 9-1 of the “Regulations Governing Establishment of Internal Control Systems by Public companies”, public companies shall allocate adequate chief information security officer to promote the company's cyber security policy and management.

With the above regulations, this speech not only include the importance of the annual reports must disclose cyber security management, but also take the different businesses cases to make everyone understand real situation in different corporations and then by the properly express the policy of cyber security to shareholders that will make corporations can achieve the goal of information security governance gradually.