The C-Suite Guide to New SEC Cybersecurity Disclosure Rules

The C-Suite Guide to New SEC Cybersecurity Disclosure Rules

The U.S. Securities and Exchange Commission (SEC) now mandates public companies to disclose major cybersecurity incidents and outline their cybersecurity risk management annually, starting December 2023. This aims to standardize disclosures, offering investors more consistent information.

Key regulation elements include:

  • Companies must detail their processes for assessing, identifying, and managing significant cybersecurity risks in their Form 10-K (annual report);
  • The annual report should also specify the board's oversight of these risks and management's role in addressing them;
  • In the event of a significant cybersecurity incident, companies must accurately report the breach within four business days as an appendix to Form 8-K.
View this guide to better understand Cybersecurity Disclosure Rules, whilst also acquiring best practice solutions in overall cybersecurity policy management.



Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.