In 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity disclosure rules. These regulations mandate the disclosure of “material” threat and breach incidents within four days of occurrence, along with annual reporting on cybersecurity risk management, strategy, and governance.
The introduction of the new SEC cybersecurity requirements represents a critical milestone in the continuous fight against cyber threats. In 2023, chief information security officers (CISOs) revealed that three out of four companies in the United States were vulnerable to a material cyberattack. Consequently, cybercrime remains one of the foremost risks confronting US-based companies. Additionally, in the same year, nearly seven out of ten organizations in the United States experienced a ransomware attack within the preceding twelve months.
Cyberattacks pose significant risks to businesses, primarily in terms of financial damage. In 2024, cybercrime is projected to cost the United States alone more than $452 billion. Additionally, the loss of sensitive data is a consequential outcome of cyberattacks. In 2023, the United States ranked third globally in the percentage of companies…
